Snort Struggles: How to detect the FTP service name?

I am muddling through learning Snort and feeling a bit daft. I'm trying to write a rule that allows me to detect the FTP service name used in a .pcap.

I analyzed the .pcap with

sudo snort -c local.rules -A full -l . -r ftp-png-gif.pcap

sudo snort -c local.rules -A full -l . -r ftp-png-gif.pcap

I looked up some ways to find the ftp service name and I found a few like

sudo snort -r snort.log.1671731339 -X -n 10

sudo snort -r snort.log.1671731339 -X -n 10

which would probably do the trick, but I'm not sure why. I get that -X has something do the preprocessor, but I'm not sure why this outputs anything with FTP, or how to find where the FTP service name is in the output.

Cyber Info•3y ago•

2 replies

near-sapphire

Snort Struggles: How to detect the FTP service name?

I am muddling through learning Snort and feeling a bit daft. I'm trying to write a rule that allows me to detect the FTP service name used in a .pcap.

I analyzed the .pcap with

sudo snort -c local.rules -A full -l . -r ftp-png-gif.pcap

sudo snort -c local.rules -A full -l . -r ftp-png-gif.pcap

I looked up some ways to find the ftp service name and I found a few like

sudo snort -r snort.log.1671731339 -X -n 10

sudo snort -r snort.log.1671731339 -X -n 10

Snort Struggles: How to detect the FTP service name?

Similar Threads

Snort Struggles: How to detect the FTP service name?

Similar Threads

Similar Threads

Similar Threads