Snort mailing list archives

Re: About README.UNSOCK


From: WangChuang <chuck.wang () live cn>
Date: Fri, 15 Nov 2013 15:23:03 +0800

Hi,
Thanks for your response. Actually I'd like to parse out the 5-tuple (src ip, src port, dest ip, dest port) plus the alert 
message from the Unix socket. I noticed that the Alertpkt struct has been redefined in Snort 2.9.5.5, because the new 
version of Snort uses DAQ, so there is a struct pcap_pkthdr32 pkth in it. What's more, the uint8_t pkt is [65535] in 
size now, whereas it is [1518] in the earlier version. Will those cause trouble when parsing the Unix socket 
output? 
And I enclose the URL of my program parser.c here: 
https://drive.google.com/file/d/0B9ry03pvjujlSXFNbFh3NTJicFU/edit?usp=sharing
You need to run snort -A unsock first and then compile and run the parser. However, my program still cannot parse out 
the 5-tuple. I don't know why. It would be very kind if you guys could take a look. Thanks a lot.

--------------------------
Wang Chuang
Email:Chuck.Wang () live cn
Phone:+886-988492270
Address:R705, General Building II, National Tsing Hua University, 
No. 101, Section 2, Kuang-Fu Road, Hsinchu, Taiwan 30013, R.O.C.

Date: Thu, 14 Nov 2013 08:54:29 -0500
Subject: Re: [Snort-devel] About README.UNSOCK
From: bbantwal () sourcefire com
To: chuck.wang () live cn
CC: snort-devel () lists sourceforge net

Try ./src/snort.h

On Tue, Nov 12, 2013 at 5:11 AM, WangChuang <chuck.wang () live cn> wrote:




Hi there, 
In the README.UNSOCK, you give an example of using unsock, but I cannot find the snort.h file, and this caused a compile 
error

#include "snort.h"

Could you pls help. Thanks.
--------------------------
Wang Chuang
Email:Chuck.Wang () live cn
Phone:+886-988492270

Address:R705, General Building II, National Tsing Hua University, 
No. 101, Section 2, Kuang-Fu Road, Hsinchu, Taiwan 30013, R.O.C.                                          

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
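
An added example, not code from this thread or from Snort: one way to pull the alert message and the addresses and ports out of a datagram received from `snort -A unsock`, with every offset checked against the captured length before it is used. The `alert_head` layout, the message length of 256 and the `val` flag values are assumptions based on the fields the post names and must be checked against the headers of the Snort build that is sending; all other names and the sample datagram are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ALERTMSG_LENGTH = 256, NOPACKET_STRUCT = 0x1, NO_TRANSHDR = 0x2 };  /* assumed values */
struct alert_head {                                /* assumed layout, host byte order */
    uint8_t  alertmsg[ALERTMSG_LENGTH];
    uint32_t ts_sec, ts_usec, caplen, len;         /* struct pcap_pkthdr32 pkth */
    uint32_t dlthdr, nethdr, transhdr, data, val;  /* offsets into pkt[], then flags */
};                                                 /* pkt[] bytes follow in the datagram */
struct alert_tuple { char msg[ALERTMSG_LENGTH], src[16], dst[16]; uint8_t proto; uint16_t sport, dport; };

/* Returns 0 on success, -1 if the datagram is short or an offset leaves the capture. */
int parse_alert(const uint8_t *buf, size_t n, struct alert_tuple *out)
{
    struct alert_head h;
    if (n < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    const uint8_t *pkt = buf + sizeof h;
    size_t avail = n - sizeof h;
    if (h.caplen < avail) avail = h.caplen;        /* use the smaller of the two bounds */
    snprintf(out->msg, sizeof out->msg, "%.*s", ALERTMSG_LENGTH - 1, (const char *)h.alertmsg);
    if ((h.val & NOPACKET_STRUCT) || h.nethdr > avail || avail - h.nethdr < 20) return -1;
    const uint8_t *ip = pkt + h.nethdr;
    if ((ip[0] >> 4) != 4) return -1;              /* IPv4 only */
    out->proto = ip[9];
    snprintf(out->src, sizeof out->src, "%u.%u.%u.%u", ip[12], ip[13], ip[14], ip[15]);
    snprintf(out->dst, sizeof out->dst, "%u.%u.%u.%u", ip[16], ip[17], ip[18], ip[19]);
    out->sport = out->dport = 0;
    if (!(h.val & NO_TRANSHDR) && (out->proto == 6 || out->proto == 17)) {
        if (h.transhdr > avail || avail - h.transhdr < 4) return -1;
        out->sport = (uint16_t)(pkt[h.transhdr] << 8 | pkt[h.transhdr + 1]);
        out->dport = (uint16_t)(pkt[h.transhdr + 2] << 8 | pkt[h.transhdr + 3]);
    }
    return 0;
}

/* Constructed sample: TCP 192.0.2.1:1234 -> 198.51.100.7:80 behind 14 bytes of Ethernet. */
struct sample { struct alert_head h; uint8_t pkt[54]; };
static const struct sample SAMPLE = {
    { .alertmsg = "constructed test alert", .caplen = 54, .len = 54, .nethdr = 14, .transhdr = 34 },
    { [14] = 0x45, [23] = 6, [26] = 192, 0, 2, 1, 198, 51, 100, 7, 0x04, 0xd2, 0, 0x50 } };

int main(void)
{
    struct alert_tuple t;
    if (parse_alert((const uint8_t *)&SAMPLE, sizeof SAMPLE, &t)) return 1;
    printf("%s: %s:%u -> %s:%u (proto %u)\n", t.msg, t.src, t.sport, t.dst, t.dport, t.proto);
    return 0;
}
```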

                                          