Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SnortSP: Writing an analyzer in Lua

From: Tako Chanz <tako_chanz () hotmail com>
Date: Mon, 4 Jul 2011 23:48:08 +0000

Hi Martin,

Got sometime to draft some outline for me?? I really need your help to move forward.


Thanks,
Tako

Date: Tue, 28 Jun 2011 13:39:37 -0400
Subject: Re: [Snort-devel] SnortSP: Writing an analyzer in Lua
From: roesch () sourcefire com
To: tako_chanz () hotmail com
CC: snort-devel () lists sourceforge net

Hi Tako,
I'm in meetings all day but I'll try to answer your question ASAP.

On Mon, Jun 27, 2011 at 8:33 PM, Tako Chanz <tako_chanz () hotmail com> wrote:






Hi all,

Maybe I'm double posting but I saw two dev mailing list and I really need some guidance.

After studied the snort.lua and snort_funcs.lua, I'm still stuck on
how a packet passed to lua's callback function.

 
Is there any doc describing the params for the function: lua_analyzer
(buf, offset, proto, dport)?
 
It seems that the lua_analyzer is dealing packet above the IP layer.
Is it possible to inspect the link or network layer using Lua?

 
My goals:
 
- Using Lua to write an analyzer and inspect any layer(ether, IP, tcp/
udp).
- Drop packets base on some simple matching condition
 
I really need some directions or docs from you all.

 
 
Thanks in advance,
Tako                                      

------------------------------------------------------------------------------

All of the data generated in your IT infrastructure is seriously valuable.

Why? It contains a definitive record of application performance, security

threats, fraudulent activity, and more. Splunk takes this data and makes

sense of it. IT sense. And common sense.

http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________

Snort-devel mailing list

Snort-devel () lists sourceforge net

https://lists.sourceforge.net/lists/listinfo/snort-devel




-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com

Snort: Open Source IDP - http://www.snort.org

                                          
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Previous By Date Next
Previous By Thread Next

Current thread: