ne-vlezay80 Posted July 30, 2016 Короче, если в режиме afpacket или pcap сделать: system@ne-vlezay80-pc:~$ nc ya.ru 80 aa bb HTTP/1.1 400 Bad Request Server: nginx Date: Sat, 30 Jul 2016 11:47:41 GMT Content-Type: text/html; charset=utf-8 Content-Length: 166 Connection: close <html> <head><title>400 Bad Request</title></head> <body bgcolor="white"> <center><h1>400 Bad Request</h1></center> <hr><center>nginx</center> </body> </html> То snort покажет alert Commencing packet processing (pid=4554) Decoding Ethernet 07/30-11:51:03.382911 [**] [1:1000003:1] Filtred! [**] [Priority: 0] {TCP} 10.247.1.48:53620 -> 93.158.134.3:80 Но, в режиме nfq он почиму-то не видит пакеты с aa bb. В чем проблема? Share this post Link to post Share on other sites More sharing options...
