Snort mailing list archives
Custom Input of packets into Snort
From: David Bramer <david.bramer () gmail com>
Date: Sat, 21 May 2011 22:06:11 +0100
Hi,

Due to legacy reasons I receive packets encapsulated in a custom format created by my company. What I want to do is hack Snort so that I can listen on a network interface, decapsulate the input (this is easy) and pass the packet into Snort.

I've been looking at the source as to how best to achieve this. I've considered modifying the -r option used for a single pcap file, which calls PQ_Single, or alternatively creating something that calls PQ_Multi.

Am I on the right tracks, or is there something better that I can do? For instance, I have read a little about preprocessors; are those something that would allow me to decapsulate the stuff I get?

Cheers
David