Snort mailing list archives

Doubt about non TCP/IP packets


From: Marcos Lois Bermúdez <marcos.lois () gmail com>
Date: Mon, 12 Aug 2013 12:31:13 +0200

Hi,

I'm really a newbie with Snort. After some reading I have a clear idea
of how Snort works and generates events in unified2 format that can be
transferred to a central database.

After reading about the unified2 binary format, the barnyard2 database schema and Snort
rules, how can I create rules for non-TCP/IP traffic?

I have traffic captured from a PLC that can encapsulate IP traffic but also
other protocols.

Can I write rules using RAW packets?
How is this RAW packet content generated in unified2?
Do I need to implement some kind of plugin for Snort?

Regards.