Snort mailing list archives
Re: SnortSP: Writing an analyzer in Lua
From: Tako Chanz <tako_chanz () hotmail com>
Date: Mon, 4 Jul 2011 23:48:08 +0000
Hi Martin,

Got some time to draft some outline for me? I really need your help to move forward.

Thanks,
Tako

Date: Tue, 28 Jun 2011 13:39:37 -0400
Subject: Re: [Snort-devel] SnortSP: Writing an analyzer in Lua
From: roesch () sourcefire com
To: tako_chanz () hotmail com
CC: snort-devel () lists sourceforge net

Hi Tako,

I'm in meetings all day but I'll try to answer your question ASAP.

On Mon, Jun 27, 2011 at 8:33 PM, Tako Chanz <tako_chanz () hotmail com> wrote:

Hi all,

Maybe I'm double posting, but I saw two dev mailing lists and I really need some guidance.

After studying snort.lua and snort_funcs.lua, I'm still stuck on how a packet is passed to Lua's callback function. Is there any doc describing the params for the function: lua_analyzer (buf, offset, proto, dport)?

It seems that the lua_analyzer is dealing with packets above the IP layer. Is it possible to inspect the link or network layer using Lua?

My goals:
- Using Lua to write an analyzer and inspect any layer (ether, IP, tcp/udp).
- Drop packets based on some simple matching condition

I really need some directions or docs from you all.

Thanks in advance,
Tako

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org