Snort mailing list archives
Re: Technically speaking
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 31 Mar 2004 13:50:22 -0500
At 07:10 AM 3/31/2004, G DINESH wrote:
> Hi, I'm Dinesh,
> <snip>
> I'm not able to make out which file takes up the rules and constructs the tree, and checks the validity of the rules. Are separate trees constructed for TCP, UDP, ICMP? How is the matching done? Do you have any simple solution for me.
Simple? No.. snort isn't simple, but I can give you some direction.

Disclaimer: I'm NOT a snort devel, and am only very casually familiar with the snort code from a short amount of time spent skimming it.
I'd suggest first reading through parser.c. That is what builds the trees from the rules in the first place.
Then go to detect.c and find the function: int Detect(Packet * p)

The detection process will eventually wind up calling many functions contained in the various files of the detection-plugins subdir. These functions do a lot of the "grunt work" of detecting a match between a packet and a given node.
> One more thing I would like to ask is about the LOGO of snort. Why the name "snort" and logo=pig????????????????!!!!
Because there are two sounds a pig makes that are commonly referred to in English: they squeal, and they snort.
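To make the parser.c / Detect() division of labour concrete, here is a toy model of that flow, added as an illustration and not taken from Snort's source or from the reply above. It supports a tiny, hypothetical subset of rule syntax (one header form, `msg`, `content` and a made-up `dsize_min` option), keeps one rule list per protocol, rejects rules it cannot validate, and has a `detect()` that walks the header nodes and then the option chain, where each option is a function pointer standing in for a detection plugin. All names (`parse_rule`, `detect`, `rule_lists`, `OptNode`, `RuleNode`) are this example's own, chosen to echo the concepts in the thread, not Snort's identifiers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy model of "parse rules into per-protocol trees, then
 * Detect() walks them calling option plugins". Not Snort's code. */

typedef struct {
    const char *proto;    /* "tcp", "udp" or "icmp" */
    int dport;            /* destination port, 0 for ICMP */
    const char *payload;  /* NUL-terminated for simplicity (constructed) */
} Packet;

/* An option node: a "detection plugin" function plus its argument. */
typedef struct OptNode {
    int (*match)(const Packet *, const char *arg);
    char arg[64];
    struct OptNode *next;
} OptNode;

/* A rule node: header constraints, then the chain of option nodes. */
typedef struct RuleNode {
    int dport;            /* 0 = any */
    OptNode *opts;
    char msg[64];
    struct RuleNode *next;
} RuleNode;

/* One list per protocol: the packet header selects which list is walked,
 * so TCP rules are never compared against UDP or ICMP packets. */
enum { IDX_TCP, IDX_UDP, IDX_ICMP, IDX_COUNT };
static RuleNode *rule_lists[IDX_COUNT];

static int proto_index(const char *proto) {
    if (strcmp(proto, "tcp") == 0) return IDX_TCP;
    if (strcmp(proto, "udp") == 0) return IDX_UDP;
    if (strcmp(proto, "icmp") == 0) return IDX_ICMP;
    return -1;
}

/* --- option "plugins": each answers match / no match for one node --- */
static int opt_content(const Packet *p, const char *arg) {
    return strstr(p->payload, arg) != NULL;
}
static int opt_dsize_min(const Packet *p, const char *arg) {   /* hypothetical option */
    return strlen(p->payload) >= (size_t)atoi(arg);
}

static void free_rule(RuleNode *r) {
    while (r->opts) { OptNode *o = r->opts; r->opts = o->next; free(o); }
    free(r);
}

/* --- parser: validates one rule line and links it into its protocol list.
 * Accepts only: alert <proto> any any -> any <port|any> (key:value; ...)
 * Returns 0 on success, -1 when the rule cannot be validated. */
int parse_rule(const char *line) {
    char proto[8], port[8], key[16], val[64];
    if (sscanf(line, "alert %7s any any -> any %7s", proto, port) != 2) return -1;
    int idx = proto_index(proto);
    if (idx < 0) return -1;                       /* unknown protocol */
    const char *s = strchr(line, '(');
    if (!s) return -1;

    RuleNode *r = calloc(1, sizeof *r);
    r->dport = strcmp(port, "any") == 0 ? 0 : atoi(port);
    OptNode **tail = &r->opts;
    s++;
    while (sscanf(s, " %15[^:]:%63[^;];", key, val) == 2) {
        size_t n = strlen(val);                   /* strip surrounding quotes */
        if (n >= 2 && val[0] == '"' && val[n - 1] == '"') {
            val[n - 1] = 0; memmove(val, val + 1, n - 1);
        }
        if (strcmp(key, "msg") == 0) {
            snprintf(r->msg, sizeof r->msg, "%s", val);
        } else {
            OptNode *o = calloc(1, sizeof *o);
            if (strcmp(key, "content") == 0) o->match = opt_content;
            else if (strcmp(key, "dsize_min") == 0) o->match = opt_dsize_min;
            else { free(o); free_rule(r); return -1; }   /* unknown option */
            snprintf(o->arg, sizeof o->arg, "%s", val);
            *tail = o; tail = &o->next;
        }
        s = strchr(s, ';');
        if (!s) break;
        s++;
    }
    r->next = rule_lists[idx];
    rule_lists[idx] = r;
    return 0;
}

/* --- Detect() analogue: header nodes first, then every option must match.
 * Returns the msg of the first matching rule, or NULL. */
const char *detect(const Packet *p) {
    int idx = proto_index(p->proto);
    if (idx < 0) return NULL;
    for (RuleNode *r = rule_lists[idx]; r; r = r->next) {
        if (r->dport && r->dport != p->dport) continue;   /* header mismatch */
        OptNode *o = r->opts;
        while (o && o->match(p, o->arg)) o = o->next;     /* walk option chain */
        if (!o) return r->msg;
    }
    return NULL;
}

int main(void) {
    parse_rule("alert tcp any any -> any 80 (msg:\"http get\"; content:\"GET \"; dsize_min:4;)");
    Packet p = {"tcp", 80, "GET / HTTP/1.0"};          /* constructed packet */
    const char *hit = detect(&p);
    printf("%s\n", hit ? hit : "no match");
    return 0;
}
```

The point to take from it is the separation the reply describes: validation and tree building happen once, at load time, and the per-packet path only dispatches on the header and then runs the option chain, which is where the plugin functions do the real work.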