Snort mailing list archives

Re: u2 binary format question


From: Victor Roemer <viroemer () cisco com>
Date: Wed, 27 May 2015 17:22:03 -0400

Huh, weird that was missed. Thanks for the heads up on the documentation.

Have you checked "README.unified2"? This was the original outline, and it was then translated to LaTeX for the PDF manual. It may be accurate.

Otherwise, take a look at "src/sfutil/Unified2_common.h"; if in doubt, go to the source.

On 5/26/15 12:48, Avery Rozar wrote:
In the snort_manual.pdf for 2.9.x it does not mention anything about the 2 extra bytes for "policy_id" before the 2 bytes of padding in the U2 (V2) event. (Question): Is it safe to assume this was just missed in the documentation and I can move forward with the 2 bytes for "policy_id"?

Also, the U2 packet does not mention anything about the extra 4 bytes for "packet seconds". (Question): Is it also safe to assume this was just missed in the documentation and I can move forward with the 4 bytes for "packet seconds"? Is this the same for U2 extra data as well?


Thanks,
Avery Rozar


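The records the two questions above are about (the V2 event with its trailing policy_id / padding bytes, the packet record with packet_second, and the extra-data record) can be checked directly against the sizes in Unified2_common.h. The reader below is an added example written for this page, not code from the thread or from Snort itself. Its struct layouts follow my reading of src/sfutil/Unified2_common.h for Snort 2.9.x (all integers big-endian); the field names, the sample stream and the blob_length convention are assumptions made for the example. The point it makes is the one the thread implies: check each record body against the exact struct size, so a layout the documentation got wrong fails loudly instead of silently shifting every field after it.

```python
"""Minimal unified2 (u2) reader for the record types discussed in the thread.

Added example, not the thread's or Snort's own code. Layouts follow my reading
of src/sfutil/Unified2_common.h (Snort 2.9.x); every integer is big-endian.
Field names, sample records and the blob_length rule are assumptions.
"""
import struct
from typing import Iterator, Tuple

RECORD_HDR = struct.Struct(">II")  # Unified2RecordHeader: type, length

TYPE_PACKET = 2            # Serial_Unified2Packet
TYPE_IDS_EVENT = 7         # Unified2IDSEvent_legacy: no mpls/vlan/policy fields
TYPE_IDS_EVENT_VLAN = 104  # Unified2IDSEvent, the "V2" layout
TYPE_EXTRA_DATA = 110      # Unified2ExtraDataHdr + SerialUnified2ExtraData + blob

IDS_EVENT_LEGACY = struct.Struct(">11I2H4B")     # 52 bytes
# legacy fields + mpls_label (u32), vlan_id (u16) and the trailing u16 the
# header calls pad2 / "Policy ID": 60 bytes. That u16 is what the manual omits.
IDS_EVENT_V2 = struct.Struct(">11I2H4BIHH")
PACKET_HDR = struct.Struct(">7I")                # 28 bytes, then packet_data
EXTRA_HDR = struct.Struct(">II")                 # event_type, event_length
EXTRA_BODY = struct.Struct(">6I")                # see EXTRA_FIELDS

EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision", "classification_id",
    "priority_id", "ip_source", "ip_destination", "sport_itype", "dport_icode",
    "protocol", "impact_flag", "impact", "blocked")
V2_FIELDS = EVENT_FIELDS + ("mpls_label", "vlan_id", "policy_id")
PACKET_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second",
                 "packet_microsecond", "linktype", "packet_length")
EXTRA_FIELDS = ("sensor_id", "event_id", "event_second", "type", "data_type",
                "blob_length")


class U2FormatError(ValueError):
    """Record body does not match the struct expected for its type."""


def parse_record(rtype: int, body: bytes) -> dict:
    """Decode one record body; sizes are checked exactly on purpose."""
    if rtype == TYPE_IDS_EVENT:
        if len(body) != IDS_EVENT_LEGACY.size:
            raise U2FormatError(f"type 7 body {len(body)} != {IDS_EVENT_LEGACY.size}")
        return dict(zip(EVENT_FIELDS, IDS_EVENT_LEGACY.unpack(body)))
    if rtype == TYPE_IDS_EVENT_VLAN:
        if len(body) != IDS_EVENT_V2.size:
            raise U2FormatError(f"type 104 body {len(body)} != {IDS_EVENT_V2.size}")
        return dict(zip(V2_FIELDS, IDS_EVENT_V2.unpack(body)))
    if rtype == TYPE_PACKET:
        if len(body) < PACKET_HDR.size:
            raise U2FormatError("packet record shorter than its 28-byte header")
        rec = dict(zip(PACKET_FIELDS, PACKET_HDR.unpack_from(body)))
        data = body[PACKET_HDR.size:]
        if len(data) != rec["packet_length"]:
            raise U2FormatError(f"packet_length {rec['packet_length']} != {len(data)} data bytes")
        rec["packet_data"] = data
        return rec
    if rtype == TYPE_EXTRA_DATA:
        fixed = EXTRA_HDR.size + EXTRA_BODY.size
        if len(body) < fixed:
            raise U2FormatError("extra-data record shorter than its fixed part")
        rec = dict(zip(("event_type", "event_length"), EXTRA_HDR.unpack_from(body)))
        rec.update(zip(EXTRA_FIELDS, EXTRA_BODY.unpack_from(body, EXTRA_HDR.size)))
        blob = body[fixed:]
        # Assumption: blob_length counts the blob plus the 8 bytes of data_type and blob_length.
        if len(blob) != rec["blob_length"] - 8:
            raise U2FormatError(f"blob_length {rec['blob_length']} != {len(blob)} blob bytes + 8")
        rec["blob"] = blob
        return rec
    return {"raw": body}  # unknown type: keep the bytes, let the caller decide


def iter_records(buf: bytes) -> Iterator[Tuple[int, dict]]:
    """Walk a u2 buffer (the bytes of one spool file) record by record."""
    off = 0
    while off < len(buf):
        if len(buf) - off < RECORD_HDR.size:
            raise U2FormatError("truncated record header")
        rtype, length = RECORD_HDR.unpack_from(buf, off)
        off += RECORD_HDR.size
        if length > len(buf) - off:
            raise U2FormatError("truncated record body")
        yield rtype, parse_record(rtype, buf[off:off + length])
        off += length


def build_sample() -> bytes:
    """Constructed sample stream, not captured from a sensor: one V2 event,
    its packet, a legacy event and one extra-data record."""
    v2 = IDS_EVENT_V2.pack(1, 7, 1432673283, 0, 1000001, 1, 1, 3, 2,
                           0x0A000001, 0x0A000002, 40000, 80, 6, 0, 0, 0,
                           0, 100, 5)               # mpls 0, vlan 100, policy_id 5
    data = b"\x45\x00" + bytes(18)                  # 20 placeholder packet bytes
    pkt = PACKET_HDR.pack(1, 7, 1432673283, 1432673283, 12345, 1, len(data)) + data
    legacy = IDS_EVENT_LEGACY.pack(1, 8, 1432673284, 0, 1000002, 1, 1, 3, 2,
                                   0x0A000001, 0x0A000002, 40001, 443, 6, 0, 0, 0)
    blob = b"http://example.invalid/"
    extra = (EXTRA_HDR.pack(4, EXTRA_HDR.size + EXTRA_BODY.size + len(blob))
             + EXTRA_BODY.pack(1, 7, 1432673283, 4, 1, len(blob) + 8) + blob)
    recs = ((TYPE_IDS_EVENT_VLAN, v2), (TYPE_PACKET, pkt),
            (TYPE_IDS_EVENT, legacy), (TYPE_EXTRA_DATA, extra))
    return b"".join(RECORD_HDR.pack(t, len(b)) + b for t, b in recs)
```

Feeding the reader a type-104 record whose body is only 52 bytes (the layout a reader built from the manual would emit) raises U2FormatError rather than returning an event with a wrong vlan_id; that is the check worth keeping in any u2 consumer when the header and the manual disagree.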


_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
