?
Solved

wireshark, snort,  how do you look for a bit pattern from a pcap file

Posted on 2010-08-20
3
Medium Priority
?
830 Views
Last Modified: 2013-11-16
$EXTERNAL_NET:any
$SQL_SERVERS:1433
msg:"ET EXPLOIT xp_fileexist access"
flow:to_server,established
content:"x|00|p|00|_|00|f|00|i|00|l|00|e|00|e|00|x|00|i|00|s|00|t|00|"

I have captured a pcap file.  How do I look for this data pattern using wireshark?
0
Comment
Question by:rgbcof
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
Galtar99 earned 1000 total points
ID: 33488543
Click Edit|Find Packet
Click Hex value or String depending on what you're looking for
Put in your value in the Filter box, click Packet bytes and then find.
0
 

Author Closing Comment

by:rgbcof
ID: 33488636
Very cool.  Which zone is best to ask for snort, wireshark type of questions?
0
 
LVL 6

Expert Comment

by:Galtar99
ID: 33488874
I think the Networking|Protocols Zone would be the closest fit for it.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OVERVIEW This guide provides information on the process performed when the Symantec Endpoint Protection (SEP) client checks in with the Symantec Endpoint Protection Manager (SEPM). AUDIENCE Information Technology personnel responsible for suppo…
PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question