Snort mailing list archives
u2 binary format question
From: Avery Rozar <avery.rozar () insecure-it com>
Date: Tue, 26 May 2015 12:48:16 -0400
In the snort_manual.pdf for 2.9.x it does not mention anything about the 2 extra bytes for "policy_id" before the 2 bytes of padding in the U2(V2) Event . (Question): Is it safe to assume this was just missed in the documentation and I can move forward with the 2 bytes for "policy_id"? Also, the U2 packet does not mention anything about the extra 4 bytes for "packet seconds". (Question): Is is also safe to assume this was just missed in the documentation and I can move forward with the 4 bytes for "packet seconds"? Is this the same for U2 extra data as well? Thanks, Avery Rozar
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- u2 binary format question Avery Rozar (May 26)
- Re: u2 binary format question Victor Roemer (May 27)
- Re: u2 binary format question Avery Rozar (May 27)
- Re: u2 binary format question Victor Roemer (May 27)