Snort mailing list archives

Previous By Date Next
Previous By Thread Next

http_inspects post_depth

From: Eoin Miller <eoin.miller () trojanedbinaries com>
Date: Fri, 03 Jun 2011 17:43:29 +0000
Kind of wondering about this from the 2.9.0.5 manual:

---SNIP---
11. post_depth <integer>
This specifies the amount of data to inspect in a client post message. 
The value can be set from -1 to 65495. The default value is -1. A value 
of -1 causes Snort to ignore all the data in the post message. 
Inversely, a value of 0 causes Snort to inspect all the client post 
message. This increases the performance by inspecting only specified 
bytes in the post message.
---SNIP---

I'm trying to wrap my head around the wording of this. Does this 
effectively mean 0 = 65495? Or does setting the value to 0 cause 
inspection of all of it beyond the 65495 buffer range?

-- Eoin

------------------------------------------------------------------------------
Simplify data backup and recovery for your virtual environment with vRanger.
Installation's a snap, and flexible recovery options mean your data is safe,
secure and there when you need it. Discover what all the cheering's about.
Get your free trial download today. 
http://p.sf.net/sfu/quest-dev2dev2 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: