Re: Documentation regarding snort internals.

[Fyodor <fygrave () tigerteam net>]

Chris Keladis <Chris.Keladis () cmc cwo net au> spoke:
> Ashley Thomas wrote:
>
>
> Hi Ashley,
>
> > Is there any documentation regarding Snort internals, ie how the packet
> > processing is done, how is the rule set implemented etc ?
> >
> > I could'nt find any in the documentation section in snort.org.
> >
> > any pointers is welcome.
>
> Probably comments in the code will be your best bet.
>
> The Snort FAQ explains the use of RuleTreeNodes (RTN) and OptTreeNodes
> (OTN),  the 2d linked-list structure used in Snort to "IDS" packets.
>
> The rest would probably be libpcap magic which the pcap man page would
> describe in relative detail.

The badly outdated 2 years old piece is available at
http://snortnet.scorpions.net. If anyone is interesting to take over the
ownership of the document, I'd help with answering any technical queries
and passing all the .tex/source data to the person. Just never had a
chance to update the document since my grad. :-)


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users