Snort mailing list archives
SFSnortPacket: Problem when getting packet payload
From: Hai Minh Nguyen <lightsea90 () gmail com>
Date: Tue, 14 May 2013 17:39:21 +0700
Hi, I'm writing a dynamic preprocessor which examines all packet payload. I found that SFSnortPacket contained 2 members: payload (pointer) and payload_size. I used these 2 members to read packet payload. But when I tested with those packets of a HTTP stream (definitely payload existed), it shown that payload_size = 0 and payload != NULL. I thought if payload_size = 0 then payload = NULL :| My questions: 1. If payload_size = 0, there's no payload, just header and payload = NULL. Is this true? What about my case? 2. How to examine packet payload? (Is that my way right? How to fix? Any other solution?) -- Kiếm ma độc cô cầu bại - Ôi, một đời oanh liệt, chỉ mong được chiến bại một lần, nhưng chưa ai qua nổi quá tam chiêu!!!
------------------------------------------------------------------------------ AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- SFSnortPacket: Problem when getting packet payload Hai Minh Nguyen (May 14)
- Re: SFSnortPacket: Problem when getting packet payload Todd Wease (May 14)