Snort mailing list archives
Re: About snort sFsnortPakcet header file
From: Emiliano Fausto <emiliano.fausto () gmail com>
Date: Tue, 29 Apr 2014 06:24:39 -0300
Hello Amtul,

I was working with IP Addresses v4, and that's part of the code I used:

    SFSnortPacket *p = (SFSnortPacket *) pkt;
    IP4Hdr iphd;
    sfip_t iphdt;

    iphd = p->inner_ip4h;
    iphdt = iphd.ip_src;

Then, in iphdt.ip you'll have the Source IP Address. Doing similar steps, but instead of the previous line putting this one:

    iphdt = iphd.ip_dst;

you'll have the Destination IP Address.

Hope it helps, regards.

Emiliano.

PS: if you want to store the IP in an unsigned integer you may use these two lines:

    unsigned char *ipsrcp = (unsigned char *) &iphdt.ip;
    /* cast before shifting so an octet >= 128 is not shifted into the sign bit of an int */
    unsigned int src_ip_uint = ((unsigned int) *ipsrcp << 24) + (*(ipsrcp+1) << 16) + (*(ipsrcp+2) << 8) + *(ipsrcp+3);

2014-04-29 4:59 GMT-03:00 Amtul Saboor <saboor.amtul () gmail com>:
Hello,

I am trying to make some changes in the snort sample preprocessor dpx. I have read the following information from the snort manual online:

    4.1.4 SFSnortPacket

    The SFSnortPacket structure mirrors the snort Packet structure and provides access to all of the data contained in a given packet.

    It and the data structures it incorporates are defined in sf_snort_packet.h. Additional data structures may be defined to reference other protocol fields. Check the header file for the current definitions.

    Source: http://manual.snort.org/node38.html

I have gone through this file, sf_snort_packet.h, but I am unable to locate the exact data structure that deals with packet source ip address and destination ip address. I just need these two data structures to make the desired variation.

Any one would be appreciated.

Thanks

--
Amtul Saboor
MS (Information Security)
Military College of Signals, National University of Science & Technology, Rawalpindi
Pakistan

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
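Added example (not part of the original message and not Snort code): the byte-to-integer conversion from the PS above, written with an address-family check and unsigned shifts, plus a dotted-quad formatter for log output. The demo_* types are simplified stand-ins for sfip_t and IP4Hdr, not the real definitions; the family member, the network byte order of the stored bytes, and the sample addresses are assumptions constructed for the example.

```c
#include <arpa/inet.h>   /* ntohl */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>  /* AF_INET, AF_INET6 */

/* Stand-ins, NOT the Snort definitions: only the members the post reads,
 * plus an assumed address-family tag. */
typedef struct {
    int16_t family;                                 /* assumed: AF_INET/AF_INET6 */
    union { uint8_t u8[16]; uint32_t u32[4]; } ip;  /* assumed: network order */
} demo_sfip_t;
typedef struct { demo_sfip_t ip_src, ip_dst; } demo_ip4hdr_t;

/* Host-order IPv4 value; -1 for NULL or non-IPv4 input. The casts keep every
 * shift unsigned, so a first octet >= 128 never reaches an int sign bit. */
int demo_ip4_to_u32(const demo_sfip_t *a, uint32_t *out)
{
    if (a == NULL || out == NULL || a->family != AF_INET)
        return -1;
    const uint8_t *b = a->ip.u8;
    *out = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
    return 0;
}

/* Dotted-quad text for logging; -1 if buf is too small. */
int demo_ip4_to_str(uint32_t ip, char *buf, size_t len)
{
    int n = snprintf(buf, len, "%u.%u.%u.%u", (unsigned)(ip >> 24),
                     (unsigned)((ip >> 16) & 0xff),
                     (unsigned)((ip >> 8) & 0xff), (unsigned)(ip & 0xff));
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Constructed sample header: 192.168.1.10 -> 203.0.113.5 */
demo_ip4hdr_t demo_sample_header(void)
{
    static const uint8_t src[4] = {192, 168, 1, 10}, dst[4] = {203, 0, 113, 5};
    demo_ip4hdr_t h;
    memset(&h, 0, sizeof h);
    h.ip_src.family = h.ip_dst.family = AF_INET;
    memcpy(h.ip_src.ip.u8, src, 4);
    memcpy(h.ip_dst.ip.u8, dst, 4);
    return h;
}

int main(void)
{
    demo_ip4hdr_t h = demo_sample_header();
    uint32_t v; char s[16];
    if (demo_ip4_to_u32(&h.ip_dst, &v) == 0 && demo_ip4_to_str(v, s, sizeof s) == 0)
        printf("dst=%s 0x%08x ntohl_match=%d\n", s, (unsigned)v, v == ntohl(h.ip_dst.ip.u32[0]));
    return 0;
}
```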
Current thread:
- About snort sFsnortPakcet header file Amtul Saboor (Apr 29)
- Re: About snort sFsnortPakcet header file Emiliano Fausto (Apr 29)
- Re: About snort sFsnortPakcet header file Steven Sturges (Apr 29)
- Re: About snort sFsnortPakcet header file Emiliano Fausto (Apr 29)