Snort mailing list archives

Previous By Date Next
Previous By Thread Next

snort complex content rules apply

From: walther karl <walther38 () mail ru>
Date: Fri, 21 Dec 2012 16:16:49 +0400
 Hello!
I need to use the Snort search engine in the content of the rules to a certain arbitrary buffer composed of the 
contents of several packets (tcp, udp). Used a search engine content strongly associated with Packet  structure of 
single packet, fully  understand that I could not.
In other words:

Now: every packet (payload,payload size) -> content search engine by rules[ ] -> found callback

I need: buffer, buffer sizeĀ   -> content search engine rules[ ] -> found callback

Any ideas?

thanks
------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: