Snort mailing list archives

Technically speaking


From: G DINESH <mail2dinesh2001 () yahoo co in>
Date: Wed, 31 Mar 2004 13:10:01 +0100 (BST)

Hi, I'm Dinesh,
        I am a student doing a BE in Computer Science (India)
and I'm currently working on a project on Signature
Based IDS.

I'm using Snort as a reference. Of course I cannot make a
better tool than the heavyweight (!lightweight IDS)
Snort. Haha!! It's a great tool!!!! Well, it goes without
saying.

I read the FAQ in Snort; it gave me info about the OTN
and RTN. Could you please explain more to me about the tree
and give some tips that could help me?

So far I've finished protocol decoding (IP, TCP, UDP
using libpcap). It's quite difficult for me to follow
the code of Snort. I'm not able to make out which file
takes the rules and constructs the tree, and checks
the validation of the rules.
Are separate trees constructed for TCP, UDP, ICMP?
How is the matching done?

Do you have any simple solution for me?

One more thing I would like to ask is about the logo of
Snort. Why the name "snort" and
logo=pig ????????????????!!!!

Eager for your reply.

Thank you.
