Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: where does snort save the data packet it has captured in the source code

From: Russ Combs <rcombs () sourcefire com>
Date: Tue, 7 Sep 2010 10:09:39 -0400
On Tue, Sep 7, 2010 at 5:50 AM, 刘昆 <liukunmeister () gmail com> wrote:


where does snort save the data packet it has captured .My meaning is
the location in the source code,an array or anything else?



Your question is pretty open ended.  Look at decode.c.  Actual packet data
from the wire is presented in array form to which is added some decoded
data.  That is retained only for the life of the packet - next packet it is
gone.  Other data, for say, defragmentation or desegmentation, is stored
elsewhere for a longer time.





------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel


------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Previous By Date Next
Previous By Thread Next

Current thread: