Snort mailing list archives
Re: Snort vs Snort++
From: Russ <rucombs () cisco com>
Date: Wed, 1 Jun 2016 06:59:06 -0400
You definitely want to use Snort++ because it has a new and improved HTTP inspector and is more extensible than Snort.
If you send some details on the WAF interface I can provide some pointers. On 5/31/16 12:13 AM, Akhil Koul wrote:
I am working on a project which involves interfacing snort with a web application firewall. The goal is to allow network packets captured by snort to be able to send to WAF for processing after they have been reassembled to mirror HTTP data.My question is: What would be better for this? Snort or Snort++Also, how would i proceed in this? Do i utilize the http_inspect preprocesseor functions to capture http data?Sorry, I am an amateur in Snort. Cheers! Akhil ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort vs Snort++ Akhil Koul (May 30)
- Re: Snort vs Snort++ ِABDUL ALEANAZI (May 30)
- Re: Snort vs Snort++ Russ (Jun 01)