Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort extension for layer 2 attacks

From: "Joel Esler \(jesler\) via Snort-devel" <snort-devel () lists snort org>
Date: Mon, 2 Mar 2020 14:35:03 +0000
We already have a layer 2 tool, check out the arpspoof preprocessor.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com

On Feb 28, 2020, at 12:56 PM, Awais Ali via Snort-devel <snort-devel () lists snort org<mailto:snort-devel () lists 
snort org>> wrote:

Hello all,
I am master student working in siemens AG, now a days I am working on possible extension of snort for layer 2 attacks. 
As per my understanding, I need to write decoder for that particular protocol and preprocessor as well.

Can someone guide me how I can write decoder for any given layer 2 protocol? The way snort parses the protocols for 
layer 3 and above. I hope you will cooperate in this regard.

Thanks,
Awais Ali
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org<mailto:Snort-devel () lists snort org>
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!


_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: