Snort mailing list archives
Re: About README.UNSOCK
From: WangChuang <chuck.wang () live cn>
Date: Fri, 15 Nov 2013 15:23:03 +0800
Hi,

Thanks for your response. Actually I'd like to parse out the 5-tuple (src ip, src port, dest ip, dest port) plus the alert message from the Unix socket. I noticed that the Alertpkt struct has been redefined in Snort 2.9.5.5, because the new version of Snort uses DAQ, so there is a struct pcap_pkthdr32 pkth in it. What's more, the uint8_t pkt is [65535] in size now, whereas it is [1518] in the earlier version. Will those cause trouble with the unix-sock parse out?

And I enclose the URL of my program parser.c here: https://drive.google.com/file/d/0B9ry03pvjujlSXFNbFh3NTJicFU/edit?usp=sharing

You need to run snort -A unsock first and then compile and run the parser. However, my program still cannot parse out the 5-tuple. I don't know why. It would be very kind if you guys could take a look.

Thanks a lot.

--------------------------
Wang Chuang
Email: Chuck.Wang () live cn
Phone: +886-988492270
Address: R705, General Building II, National Tsing Hua University, No. 101, Section 2, Kuang-Fu Road, Hsinchu, Taiwan 30013, R.O.C.

Date: Thu, 14 Nov 2013 08:54:29 -0500
Subject: Re: [Snort-devel] About README.UNSOCK
From: bbantwal () sourcefire com
To: chuck.wang () live cn
CC: snort-devel () lists sourceforge net

Try ./src/snort.h

On Tue, Nov 12, 2013 at 5:11 AM, WangChuang <chuck.wang () live cn> wrote:

Hi there,

In the README.UNSOCK, you give an example of using unsock, but I cannot find the snort.h file, and this caused a compile error:

#include "snort.h"

Could you please help. Thanks.

--------------------------
Wang Chuang
Email: Chuck.Wang () live cn
Phone: +886-988492270
Address: R705, General Building II, National Tsing Hua University, No. 101, Section 2, Kuang-Fu Road, Hsinchu, Taiwan 30013, R.O.C.

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
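On the struct-size question raised in the message above, an added example (not code from the original post, its parser.c, or the Snort project): a bounds-checked C parser that pulls the alert message and the IPv4 addresses and ports out of one unsock datagram. It assumes the Snort 2.9.x Alertpkt layout in which alertmsg, pkth, the header offsets and val precede pkt[]; AlertHead, Tuple, parse_alert and make_sample are hypothetical names, and the datagram is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* ASSUMED layout: the Snort 2.9.x Alertpkt fields that precede pkt[]. Check it
 * against spo_alert_unixsock.h in the source tree your snort was built from. */
enum { NOPACKET_STRUCT = 0x1, NO_TRANSHDR = 0x2 };  /* bits in val */
typedef struct {
    uint8_t  alertmsg[256];                        /* ALERTMSG_LENGTH */
    uint32_t ts_sec, ts_usec, caplen, pktlen;      /* struct pcap_pkthdr32 pkth */
    uint32_t dlthdr, nethdr, transhdr, data, val;  /* offsets into pkt[], flags */
} AlertHead;                                       /* pkt[] and Event follow */
typedef struct { char msg[256]; uint32_t sip, dip; uint16_t sport, dport; uint8_t proto; } Tuple;
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) { return (uint32_t)be16(p) << 16 | be16(p + 2); }

/* 0 on success; -1 if short, no IPv4 packet, or an offset leaves the capture. */
int parse_alert(const uint8_t *buf, size_t n, Tuple *t) {
    AlertHead h;
    if (n < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);                     /* sender is on the same host */
    const uint8_t *pkt = buf + sizeof h;
    size_t avail = n - sizeof h;
    if (h.caplen < avail) avail = h.caplen;        /* use only captured bytes */
    if ((h.val & NOPACKET_STRUCT) || h.nethdr > avail || avail - h.nethdr < 20) return -1;
    const uint8_t *ip = pkt + h.nethdr;
    if (ip[0] >> 4 != 4) return -1;                /* this example handles IPv4 only */
    snprintf(t->msg, sizeof t->msg, "%.255s", (const char *)h.alertmsg);
    t->proto = ip[9]; t->sip = be32(ip + 12); t->dip = be32(ip + 16);
    t->sport = t->dport = 0;                       /* stay 0 without a TCP/UDP header */
    if (!(h.val & NO_TRANSHDR) && (t->proto == 6 || t->proto == 17) &&
        h.transhdr <= avail && avail - h.transhdr >= 4) {
        t->sport = be16(pkt + h.transhdr); t->dport = be16(pkt + h.transhdr + 2);
    }
    return 0;
}
/* Constructed datagram: Ethernet+IPv4+TCP, 192.0.2.10:40000 -> 198.51.100.20:80 */
size_t make_sample(uint8_t *buf) {
    AlertHead h = { .alertmsg = "constructed test alert", .caplen = 54, .nethdr = 14, .transhdr = 34 };
    static const uint8_t l3[] = { 0x45,0,0,40, 0,0,0,0, 64,6,0,0, 192,0,2,10,
                                  198,51,100,20, 0x9c,0x40, 0,80 };
    memset(buf, 0, sizeof h + 54);
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h + 14, l3, sizeof l3);
    return sizeof h + 54;
}
int main(void) {
    uint8_t buf[sizeof(AlertHead) + 54]; Tuple t;
    if (parse_alert(buf, make_sample(buf), &t)) return 1;
    printf("%s: %08x:%d -> %08x:%d proto %d\n", t.msg, t.sip, t.sport, t.dip, t.dport, t.proto);
    return 0;
}
```

Under that assumed layout the fields read here sit in front of pkt[], so a larger pkt[] does not move them; it does enlarge the datagram and shift the Event that follows, so the receive buffer has to be sized from the header of the Snort build that is actually running.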
Current thread:
- About README.UNSOCK WangChuang (Nov 14)
- Re: About README.UNSOCK Bhagya Bantwal (Nov 14)
- Re: About README.UNSOCK WangChuang (Nov 18)
- Re: About README.UNSOCK Bhagya Bantwal (Nov 14)