Snort mailing list archives
Re: snort sFsnortPakcet header file to count TCP, ICMP and UDP packets
From: Steven Sturges <steve.sturges () sourcefire com>
Date: Thu, 19 Jun 2014 14:35:59 -0400
The data you're looking for is within the SFSnortPacket struct...

    typedef struct _SFSnortPacket
    {
        ...
        const TCPHeader *tcp_header, *orig_tcp_header;
        const UDPHeader *udp_header, *orig_udp_header;
        const UDPHeader *inner_udph; /* if Teredo + UDP, this will be the inner UDP header */
        const UDPHeader *outer_udph; /* if Teredo + UDP, this will be the outer UDP header */
        const ICMPHeader *icmp_header, *orig_icmp_header;
        ...

On 6/19/14, 1:09 PM, Amtul Saboor wrote:
Hello,

I am trying to make some changes in the snort sample preprocessor dpx. I have read the following information from the snort manual online:

4.1.4 SFSnortPacket

The SFSnortPacket structure mirrors the snort Packet structure and provides access to all of the data contained in a given packet.

It and the data structures it incorporates are defined in sf_snort_packet.h. Additional data structures may be defined to reference other protocol fields. Check the header file for the current definitions.

Source: http://manual.snort.org/node38.html

I want to output the average number of TCP SYN, UDP and ICMP packets received per second. I have gone through this file, sf_snort_packet.h, but I am unable to locate the exact data structure that deals with incoming TCP SYN, ICMP and UDP packets. I just need these 3 data structures to make the desired variation.

Any one would be appreciated.

Thanks
Regards
Amtul

------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
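Added example (not part of the original thread and not Snort project code): one way to turn the header pointers named in the reply into per-second averages for TCP SYN, UDP and ICMP traffic. The Demo* types, the flags field, stats_update and stats_rate are hypothetical stand-ins so the block compiles on its own; in a real preprocessor use the types and field names from sf_snort_packet.h.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins for this example only; the real definitions live in
 * sf_snort_packet.h. Pointer names match the struct excerpt quoted in
 * the reply; the flags field name is an assumption. */
#define DEMO_TH_SYN 0x02  /* SYN bit of the TCP flags octet (RFC 793) */
#define DEMO_TH_ACK 0x10  /* ACK bit */
typedef struct { uint8_t flags; } DemoTCPHeader;
typedef struct { uint16_t length; } DemoUDPHeader;
typedef struct { uint8_t type; } DemoICMPHeader;
typedef struct {
    const DemoTCPHeader  *tcp_header;
    const DemoUDPHeader  *udp_header;
    const DemoICMPHeader *icmp_header;
} DemoPacket;

typedef struct {
    uint64_t tcp_syn, udp, icmp;
    long first_sec, last_sec;   /* packet timestamps, whole seconds */
    int seen;                   /* set once the first packet arrives */
} ProtoStats;
/* Call once per packet from the preprocessor's packet callback. */
void stats_update(ProtoStats *s, const DemoPacket *p, long ts_sec)
{
    if (s == NULL || p == NULL) return;
    if (!s->seen) { s->first_sec = ts_sec; s->seen = 1; }
    s->last_sec = ts_sec;
    /* Assumed: a header pointer is NULL when that layer was not decoded. */
    if (p->tcp_header != NULL) {
        /* Count connection attempts only: SYN set, ACK clear. */
        if ((p->tcp_header->flags & (DEMO_TH_SYN | DEMO_TH_ACK)) == DEMO_TH_SYN)
            s->tcp_syn++;
    } else if (p->udp_header != NULL) {
        s->udp++;
    } else if (p->icmp_header != NULL) {
        s->icmp++;
    }
}

/* Average per second over the inclusive window first_sec..last_sec. */
double stats_rate(const ProtoStats *s, uint64_t count)
{
    long span;
    if (s == NULL || !s->seen) return 0.0;
    span = s->last_sec - s->first_sec + 1;
    return (double)count / (double)(span < 1 ? 1 : span);
}
```

SYN-ACK replies are deliberately not counted, so the TCP figure tracks inbound connection attempts rather than all segments with SYN set.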
Current thread:
- snort sFsnortPakcet header file to count TCP, ICMP and UDP packets Amtul Saboor (Jun 19)
- Re: snort sFsnortPakcet header file to count TCP, ICMP and UDP packets Steven Sturges (Jun 19)
- Re: snort sFsnortPakcet header file to count TCP, ICMP and UDP packets Amtul Saboor (Jun 19)
- Re: snort sFsnortPakcet header file to count TCP, ICMP and UDP packets Steven Sturges (Jun 19)
- Re: snort sFsnortPakcet header file to count TCP, ICMP and UDP packets Amtul Saboor (Jun 19)
- Re: snort sFsnortPakcet header file to count TCP, ICMP and UDP packets Steven Sturges (Jun 19)