Snort mailing list archives

How snort processes packets.


From: "Jesse W. Asher" <jasher1 () tampabay rr com>
Date: Tue, 19 Nov 2002 06:10:46 -0500


I'm not as familiar with the inner workings of snort as I'd like so I thought I'd ask a question about how snort processes packets.

Does snort examine packets individually for potential issues or does it take an entire stream of packets and examine all the packets together and correlate possible issues across all the packets? In other words, there are attacks which are not easily identifiable by looking only at individual packets, but may be identifiable if an entire stream of packets is examined and the information on all the packets is correlated.

How does snort handle such issues?

--
Jesse W. Asher

"They that can give up essential liberty to purchase a little temporary
safety, deserve neither liberty or safety."  - Benjamin Franklin



