Snort mailing list archives

Re: [snort-devel] Dynamic Pre-process to decipher packet information


From: Emiliano Fausto <emiliano.fausto () gmail com>
Date: Fri, 10 Jan 2014 16:59:04 -0200

Hi,

I saw the preprocessor rpc_decode, which does something very similar to
what I was needing to do.

Taking this preprocessor as an example, I could figure out what I was
looking for.

We can close this thread,
thanks!

Emiliano.

PS: Thanks to Hui Cao who oriented me.


2014/1/6 Emiliano Fausto <emiliano.fausto () gmail com>

Hello there,

I'm trying to build a dynamic pre-processor which takes every packet
before the SNORT engine, then deciphers certain information which comes
ciphered inside the packet and puts it back into SNORT.

I've seen that I'm able to decipher the information and print it with
logMsg() inside the preprocessor, and also send a syslog alert, but what
I'd really like to do is to put it back into the snort engine so that this
deciphered packet is analyzed with the snort rules.

Something like this:

CIPHERED PKT ---> MyPreprocessor ---> DECIPHERED PKT --> SNORT engine rules

Does anyone know how to do it, or recommend some starting point?

Thanks in advance,
Emiliano.
