1 | initial version |
Hello aks
First of all, Wireshark is good for network analysis; it is not an IDS. However, Wireshark is super-useful to identify matters that were picked up by an IDS.
That being said, I suggest that you refine your SNORT rules. The current rules trigger on the content "or" and "and" respectively. This would pick up a ton of false positives, for example with words like "foreign" or "land". Please don't forget to rewrite all your rules (not just the AND and OR rules).
I suggest that you take this question to a security forum.
2 | No.2 Revision |
Hello aks
First of all, Wireshark is good for network analysis; it is not an IDS. However, Wireshark is super-useful to identify matters that were picked up by an IDS.
That being said, I suggest that you refine your SNORT rules. The current rules trigger on the content "or" and "and" respectively. This would generate a ton of false positives, for example with words like "foreign" or "land". Please don't forget to rewrite all your rules (not just the AND and OR rules).
I suggest that you take this question to a security forum.
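To make the false-positive point concrete, here is an added Python example (not code from the thread above) that mimics how a bare Snort `content:"or"; nocase;` match behaves as a plain substring test, and compares it with a word-bounded check of the kind a `pcre:"/\bor\b/i"` option would perform. The sample payloads are constructed for illustration.

```python
import re

# Constructed sample payloads (not from the original thread): a mix of
# ordinary traffic and lines where "or" / "and" really stand alone.
SAMPLE_PAYLOADS = [
    "GET /foreign-exchange/rates HTTP/1.1",
    "POST /login user=alice&pass=wonderland",
    "SELECT * FROM users WHERE name='a' OR '1'='1'",
    "admin' AND 1=1 --",
    "GET /images/portland.png HTTP/1.1",
]


def snort_content_match(payload: str, needle: str, nocase: bool = True) -> bool:
    """Mimic a bare Snort content:"..." option: a plain substring test.

    Snort's content match is case-sensitive unless 'nocase' is set; either
    way it knows nothing about word boundaries, so "or" matches "foreign".
    """
    if nocase:
        return needle.lower() in payload.lower()
    return needle in payload


def word_bounded_match(payload: str, word: str) -> bool:
    """The check a pcre:"/\\bWORD\\b/i" option would perform: the keyword
    must stand alone, not sit inside "foreign", "wonderland" or "portland"."""
    pattern = r"\b" + re.escape(word) + r"\b"
    return re.search(pattern, payload, re.IGNORECASE) is not None


def compare_rules(payloads, word):
    """Return (payloads hit by the bare content match,
               payloads hit by the word-bounded match)."""
    bare = [p for p in payloads if snort_content_match(p, word)]
    bounded = [p for p in payloads if word_bounded_match(p, word)]
    return bare, bounded


if __name__ == "__main__":
    for keyword in ("or", "and"):
        bare, bounded = compare_rules(SAMPLE_PAYLOADS, keyword)
        print(f'content:"{keyword}" fires on {len(bare)} of {len(SAMPLE_PAYLOADS)} payloads')
        print(f'word-bounded "{keyword}" fires on {len(bounded)}')
```

Word boundaries only remove the most obvious noise; in practice the rule should also be pinned to the relevant ports, direction and surrounding bytes so that a two-letter keyword is never the only thing it matches on.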