Revision history
Hello aks
First of all, Wireshark is good for network analysis, it's not an IDS. However, Wireshark is super-useful to identify matters that were picked up by an IDS.
That being said, I suggest that you refine your SNORT rules. The current rules trigger on the content "or" and "and" respectively. This would generate a ton of false positives, for example with words like "foreign" or "land". Please don't forget to rewrite all your rules (not just the AND and OR rules).
I suggest that you take this question to a security forum.
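As an added illustration of the point about bare "or"/"and" content matches (this is not part of the original answer, and the asker's actual rules are not shown on the page), the first rule below fires on any TCP payload containing the letters "or", so "foreign" trips it; the tightened rules that follow require an established client-to-server HTTP flow, match only inside the normalized URI, and use a PCRE word boundary so "or" and "and" must stand alone. The SIDs, the $HTTP_SERVERS/$HTTP_PORTS variables and the assumption that the traffic of interest is HTTP are mine; Snort 2.9 rule syntax is assumed.

```snort
# Too broad (assumed reconstruction, not the asker's rule): matches any TCP
# payload containing the substring "or", case-insensitive, e.g. "foreign", "report".
alert tcp any any -> $HOME_NET any (msg:"BROAD - substring or"; content:"or"; nocase; sid:1000001; rev:1;)

# Tightened: client-to-server HTTP request, match only inside the normalized URI
# (http_uri / pcre U flag), and require "or" as a whole word (\b) so that
# "foreign" no longer matches. $HTTP_SERVERS/$HTTP_PORTS are assumed to be set in snort.conf.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"Standalone OR keyword in URI"; flow:to_server,established; content:"or"; nocase; http_uri; pcre:"/\bor\b/Ui"; classtype:web-application-attack; sid:1000002; rev:1;)

# Same treatment for "and", which otherwise fires on "land", "command", "handler".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"Standalone AND keyword in URI"; flow:to_server,established; content:"and"; nocase; http_uri; pcre:"/\band\b/Ui"; classtype:web-application-attack; sid:1000003; rev:1;)
```

The `content` option is only the fast pre-filter; the `pcre` is what actually narrows the match, and even the tightened rules will still fire on legitimate URIs such as `?q=salt+and+pepper`, so the remaining hits have to be judged against whatever the rule is really meant to catch. Run `snort -T -c snort.conf` after editing to confirm the rules still parse.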