Snort mailing list archives
server_flow_depth
From: jorbru30 () comcast net
Date: Sun, 11 Nov 2012 20:38:17 +0000 (UTC)
Hi Everyone,

I understand that HTTP "server_flow_depth" specifies the maximum amount of payload the Snort detection engine inspects per flow. Thus more packets are inspected per flow if this value is higher.

I want to understand how "server_flow_depth" affects the detection engine pattern matching process. For instance, if server_flow_depth is set to 5KB, does Snort rebuild packets until it captures 5KB, and initiate pattern matching on the entire payload that is assembled from the flow packets? Or does it just inspect each packet separately and not assemble packets at all?

I would appreciate it if anyone can explain the pattern matching process with respect to HTTP "server_flow_depth" in more detail.

Thanks!
Jordan.