Snort mailing list archives

Re: SnortSP: Writing an analyzer in Lua


From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 28 Jun 2011 13:39:37 -0400

Hi Tako,

I'm in meetings all day but I'll try to answer your question ASAP.


On Mon, Jun 27, 2011 at 8:33 PM, Tako Chanz <tako_chanz () hotmail com> wrote:

Hi all,

Maybe I'm double posting but I saw two dev mailing lists and I really need
some guidance.


After studying the snort.lua and snort_funcs.lua, I'm still stuck on
how a packet is passed to Lua's callback function.

Is there any doc describing the params for the function lua_analyzer(buf, offset, proto, dport)?

It seems that lua_analyzer is dealing with packets above the IP layer.
Is it possible to inspect the link or network layer using Lua?

My goals:

- Using Lua to write an analyzer and inspect any layer (ether, IP, tcp/udp).
- Drop packets based on some simple matching conditions.

I really need some directions or docs from you all.


Thanks in advance,
Tako


------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel




-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org
