Snort mailing list archives
Sessionised data in preprocessors
From: apple cake <cakeblaster () gmail com>
Date: Wed, 10 Aug 2011 00:26:11 +1000
When developing a Snort preprocessor I have been accessing network data through the 'packet' data structure. I assume that this data is not the content of a session but just the content of a single packet. The pattern I am seeking to detect could be spread across multiple packets. Is sessionised data exposed to my preprocessor in any way? How can I access it, and are there any caveats? Thanks in advance. cakeblaster.
Current thread:
- Sessionised data in preprocessors apple cake (Aug 15)