Snort mailing list archives
Analysis done by Snort
From: Ashley Thomas <athomas () unity ncsu edu>
Date: Wed, 26 Sep 2001 22:11:08 -0400
Hi,

I have a doubt regarding how Snort does the analysis.

When Snort starts, it reads all the rules from the snort.conf file, which we specify using the -c option. Then, whenever a new packet arrives, depending on what protocol it is, different rules are applied to it to see if there is a match, i.e. if the packet belongs to FTP then ftp.rules are applied to it. If it is a telnet packet, then telnet.rules is applied. Similarly, scan rules would be applied whenever we get 'tcp syn' packets.

Is this how Snort does it? Please correct me if I have understood it wrong. Also, please point out if there is any place where I can read about how Snort does the analysis.

Thanks a lot,
Ashley
Current thread:
- Analysis done by Snort Ashley Thomas (Sep 26)
- RE: Analysis done by Snort John Berkers (Sep 27)
- Re: Analysis done by Snort Erek Adams (Sep 27)