Snort mailing list archives

Re: Snort vs Snort++

From: Russ <rucombs () cisco com>
Date: Wed, 1 Jun 2016 06:59:06 -0400

You definitely want to use Snort++ because it has a new and improvedHTTP inspector and is more extensible than Snort.


If you send some details on the WAF interface I can provide some pointers.


On 5/31/16 12:13 AM, Akhil Koul wrote:

I am working on a project which involves interfacing snort with a webapplication firewall. The goal is to allow network packets captured bysnort to be able to send to WAF for processing after they have beenreassembled to mirror HTTP data.


My question is: What would be better for this? Snort or Snort++

Also, how would i proceed in this? Do i utilize the http_inspectpreprocesseor functions to capture http data?

Sorry, I am an amateur in Snort.

Cheers!
Akhil


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort vs Snort++ Akhil Koul (May 30)
- Re: Snort vs Snort++ ِABDUL ALEANAZI (May 30)
- Re: Snort vs Snort++ Russ (Jun 01)