Snort mailing list archives
Doubt about non TCP/IP packets
From: Marcos Lois Bermúdez <marcos.lois () gmail com>
Date: Mon, 12 Aug 2013 12:31:13 +0200
Hi,

I'm really a newbie with Snort. After some reading I have some clear idea of how Snort works and generates events in unified2 format that can be transferred to a central database.

After reading the unified2 binary format, the barnyard2 database schema and Snort rules, how can I create rules for non-TCP/IP traffic? I have traffic captured from a PLC that can encapsulate IP traffic but also other protocols.

Can I write rules using RAW packets? How is this RAW packet content generated in unified2? Do I need to implement some kind of plugin for Snort?

Regards.