Snort mailing list archives

Re: Question about http_inspect


From: "Rahul Burman (rahburma)" <rahburma () cisco com>
Date: Mon, 21 Sep 2015 09:58:35 +0000

It is not really required as the response codes and headers are available in the first response packet itself.
You can actually go through the code under HttpInspect module. I believe it is well explained there.

Rahul Burman
ENGINEER.SOFTWARE ENGINEERING
rahburma () cisco com

From: Asim Jamshed [mailto:asim.jamshed () gmail com]
Sent: Monday, September 21, 2015 3:14 PM
To: Rahul Burman (rahburma)
Cc: snort-devel () lists sourceforge net
Subject: Re: Question about http_inspect

Thanks. Can you please elaborate on why it cannot do stateful inspection on server response?

--Asim

On Monday, September 21, 2015, Rahul Burman (rahburma) <rahburma () cisco com> wrote:
HttpInspect module is stateless while inspecting the server responses.
There is a provision to do both stateless and stateful traffic inspection.

Regards
Rahul

-----Original Message-----
From: Asim Jamshed [mailto:asim.jamshed () gmail com]
Sent: Sunday, September 20, 2015 4:55 PM
To: snort-devel () lists sourceforge net
Subject: [Snort-devel] Question about http_inspect

Hi,

I was going through the Snort manual and it says that the http inspect module is stateless (analyzes flows on a 
per-packet basis). Is that right? I was wondering why it can use stream5 module and perform stateful management like 
ftp, telnet and smtp protocols?

Thanks,
--Asim

------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
