From 9c532a46a1012ff7f16ba1d541a90e624548fa58 Mon Sep 17 00:00:00 2001 From: "Russ Combs (rucombs)" Date: Wed, 14 Dec 2016 15:04:45 -0500 Subject: [PATCH] Merge pull request #748 in SNORT/snort3 from doc_sdftyop to master Squashed commit of the following: commit e646c080bfd765b3c42830b4a9b3eb8343bf58d4 Author: Victor Roemer Date: Wed Dec 14 11:09:40 2016 -0500 Fix alert msg output commit 565a89b76108f9058e898213cbd04c5b96020945 Author: Victor Roemer Date: Tue Dec 13 14:35:47 2016 -0500 Fix typos commit 0170073da41b6310a9b2e9e9464cfe32ac367fa0 Author: Victor Roemer Date: Thu Dec 8 16:23:48 2016 -0500 Update example alert output to match latest behavior. commit 7f8f8bb4b3cdfc7c9acefb6ea149267e66d34e4c Author: Victor Roemer Date: Thu Dec 8 15:38:15 2016 -0500 Fix typo --- doc/sensitive_data.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/sensitive_data.txt b/doc/sensitive_data.txt index 52c68eb58..b5a75a375 100644 --- a/doc/sensitive_data.txt +++ b/doc/sensitive_data.txt @@ -68,8 +68,8 @@ That's pretty easy, but here is one more example anyway. sd_pattern:"This is a string literal", threshold 300; This example requires 300 matches of the pattern "This is a string literal" -to qualify as a positive match. That is, if the string only occurred 299x -in a packet, you will not see an even. +to qualify as a positive match. That is, if the string only occurred 299 times +in a packet, you will not see an event. ===== Obfuscating Credit Cards and Social Security Numbers 
@@ -96,7 +96,7 @@ Logged output when running Snort in "cmg" alert format. 10.1.2.3:48620 -> 10.9.8.7:8 TCP TTL:64 TOS:0x0 ID:14 IpLen:20 DgmLen:56 ***A**** Seq: 0xB2 Ack: 0x2 Win: 0x2000 TcpLen: 20 - - - raw[16] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2E 2E 2E 2E 2E 2E 2E 2E 2E 2E 2E 2E 39 32 39 34 ............9294 + 58 58 58 58 58 58 58 58 58 58 58 58 39 32 39 34 XXXXXXXXXXXX9294 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ==== Caveats -- 2.47.2
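Review bot: in the first hunk (doc/sensitive_data.txt, @@ -68,8 +68,8 @@), the corrected sentence still mixes tenses: "only occurred 299 times" sits next to "you will not see an event". Consider "if the string occurs only 299 times in a packet, you will not see an event". The per-packet scope of the threshold also appears only in this second sentence, while the line before it says just "requires 300 matches of the pattern"; stating "in a packet" there as well would keep the two sentences consistent.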
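Review bot: in the second hunk (@@ -96,7 +96,7 @@), the raw[16] line now shows the masked bytes as 58 / 'X' instead of 2E / '.', but nothing in the visible context says that 'X' is the mask character or that the last four digits (39 32 39 34, "9294") are left in the clear. A sentence ahead of the example stating both would help readers comparing against older output, since '.' in the ASCII column of a hex dump is also how non-printable bytes are commonly rendered, which made the previous example ambiguous.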