Snort mailing list archives

Sessionised data in preprocessors


From: apple cake <cakeblaster () gmail com>
Date: Wed, 10 Aug 2011 00:26:11 +1000

When developing a snort preprocessor I have been accessing network data
through the 'packet' data structure. I assume that this data is not the
content of a session but just the content of a single packet. The
pattern I am seeking to detect could be spread across multiple packets. Is
sessionised data exposed to my preprocessor in any way? How can I access it
and are there any caveats?

Thanks in advance.

cakeblaster.