Snort mailing list archives
Re: Snort Beginner
From: Russ Combs <rcombs () sourcefire com>
Date: Mon, 5 Mar 2012 10:35:27 -0500
At a high level, yes, it is the same path, through the DAQ. The pcap DAQ in particular can read from file or from interface and there is very little difference between the two except for the pcap library call.

On Sat, Mar 3, 2012 at 3:13 PM, Anju Jyothish <anjupanicker.ms () gmail com> wrote:
Hi,

I have a question. When snort reads packets from a pcap file, does it follow a different path; or is it processed in the same manner as a packet from the ethernet?

Thanks,
Anju

On Wed, Jan 4, 2012 at 12:26 PM, Anju Jyothish <anjupanicker.ms () gmail com> wrote:

Hello,

I am working on a project with snort. According to Martin there is no documentation in snort that would help developers. He advised me to ask specific questions to the team. Here is my problem. I want to collect the grouped packets in group-specific buffers, collect the rule contents applicable to those packets, and then play with the A-C algorithm. The code is enormous and I would like some pointers as to where to look at. Any help would be highly appreciated.

Thanking in anticipation,
Anju

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort Beginner Anju Jyothish (Jan 06)
- Re: Snort Beginner Anju Jyothish (Mar 03)
- Re: Snort Beginner Russ Combs (Mar 05)
- Re: Snort Beginner Anju Jyothish (Mar 03)