Re: Regular Expression Matching in Snort Rules

[Venkataramesh Bontupalli <bontupalliv1 () udayton edu>]

Could you enlighten me on how does SNORT perform the Regular Expression
Matching ??

Thanks and Regards,
VenkataRamesh

On Thu, Oct 16, 2014 at 12:44 PM, Mitesh Jadia <mitesh.jadia () gmail com>
wrote:

> As per my knowledge state machine is no build for pcre. It is only
> generated for contents.
>
> That is why best practice to write a signature is first try to match a
> content and after that write pcre keyword.
>
> -- Mitesh
>
>
> *** This message has been sent using E3 Mobile ***
>
>
> Venkataramesh Bontupalli <bontupalliv1 () udayton edu> wrote:
>
> Dear Snort-Users,
>
> I am trying to understand how does snort perform the regular expression
> matching i.e the PCRE option in the snort rules.
>
> However, through the literature study I understood that Snort generates a
> Finite State Machine (FSM) during the compilation.
>
> Could any one let me know what kind of FSM it generated?
> Is it Deterministic Finite Automata (DFA) or Non Deterministic Finite
> Automata (NFA) ?
>
> Any help is highly appreciated.
>
> Thanks and Regards,
> VenkataRamesh
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!