Re: Is there a snort/libnids alternative

[Chris Green <greencm () gmail com>]

On Mon, Oct 15, 2012 at 4:43 AM, <elof () sentor se> wrote:

> I'm looking for exactly the same thing as libnids.
>
> The main thing missing in libnids is continued reassembly of tcp-flows
> even though there are SPAN packet drops.

You need to look at Bro scripts, Suricata preprocessor(?) or Snort
preprocessor.  All of these deal with mid-stream issues on some level via
their TCP engines.   The only big different to libnids is the program
perspective of is it a small part of your program or is your program part
of theirs.


-- 
Chris Green <greencm () gmail com>

------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!