Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Documentation regarding snort internals.

From: Chris Keladis <Chris.Keladis () cmc cwo net au>
Date: Fri, 01 Mar 2002 08:53:09 +1100
Ashley Thomas wrote:


Hi Ashley,


Is there any documentation regarding Snort internals, ie how the packet
processing is done, how is the rule set implemented etc ?

I could'nt find any in the documentation section in snort.org.

any pointers is welcome.


Probably comments in the code will be your best bet.

The Snort FAQ explains the use of RuleTreeNodes (RTN) and OptTreeNodes
(OTN),  the 2d linked-list structure used in Snort to "IDS" packets.

The rest would probably be libpcap magic which the pcap man page would
describe in relative detail.



HTH,

Chris.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: