Snort mailing list archives
Re: snort sFsnortPakcet header file to count TCP, ICMP and UDP packets
From: Steven Sturges <steve.sturges () sourcefire com>
Date: Thu, 19 Jun 2014 15:48:53 -0400
If one of those pointers is set...

On 6/19/14, 3:42 PM, Amtul Saboor wrote:
> Thank you Steven, I have looked at this, but can you guide me about how to
> write a piece of code for knowing whether the incoming packet belongs to
> the TCP, UDP or ICMP protocol?
>
> Kind Regards
>
> On Thu, Jun 19, 2014 at 11:35 PM, Steven Sturges
> <steve.sturges () sourcefire com> wrote:
>
>> The data you're looking for is within the SFSnortPacket struct...
>>
>> typedef struct _SFSnortPacket
>> {
>> ...
>>     const TCPHeader *tcp_header, *orig_tcp_header;
>>     const UDPHeader *udp_header, *orig_udp_header;
>>     const UDPHeader *inner_udph; /* if Teredo + UDP, this will be the inner UDP header */
>>     const UDPHeader *outer_udph; /* if Teredo + UDP, this will be the outer UDP header */
>>     const ICMPHeader *icmp_header, *orig_icmp_header;
>> ...
>>
>> On 6/19/14, 1:09 PM, Amtul Saboor wrote:
>>> Hello
>>>
>>> I am trying to make some changes in the snort sample preprocessor dpx.
>>> I have read the following information from the snort manual online:
>>>
>>>     4.1.4 SFSnortPacket
>>>
>>>     The SFSnortPacket structure mirrors the snort Packet structure and
>>>     provides access to all of the data contained in a given packet.
>>>
>>>     It and the data structures it incorporates are defined in
>>>     sf_snort_packet.h. Additional data structures may be defined to
>>>     reference other protocol fields. Check the header file for the
>>>     current definitions.
>>>
>>>     Source: http://manual.snort.org/node38.html
>>>
>>> I want to output the average number of TCP SYN, UDP and ICMP packets
>>> received per second. I have gone through this file, sf_snort_packet.h,
>>> but I am unable to locate the exact data structure that deals with
>>> incoming TCP SYN, ICMP and UDP packets. I just need these 3 data
>>> structures to make the desired variation. Any one would be appreciated.
>>>
>>> Thanks
>>> Regards
>>> Amtul
>
> --
> Amtul Saboor
> MS (Information Security)
> Military College of Signals, National University of Science & Technology, Rawalpindi
> Pakistan
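The pointer check described in the reply, as an added example that is not part of the original thread or of Snort's own code: a packet is classified by which of `tcp_header`, `udp_header` or `icmp_header` is non-NULL, and per-second averages are taken over the observed time window. The `Demo*` types are stand-ins for the real definitions in sf_snort_packet.h, and the `flags` member, the caller-supplied timestamp and the choice to count only SYN-without-ACK segments are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define TCP_SYN 0x02 /* bits in the TCP flags byte (RFC 793) */
#define TCP_ACK 0x10

/* Stand-ins for sf_snort_packet.h types (assumption): only the pointers quoted
 * in the thread are modelled; `flags` is a hypothetical name for the flags byte. */
typedef struct { uint8_t flags; } DemoTCPHeader;
typedef struct { uint16_t length; } DemoUDPHeader;
typedef struct { uint8_t type; } DemoICMPHeader;
typedef struct {
    const DemoTCPHeader *tcp_header;
    const DemoUDPHeader *udp_header;
    const DemoICMPHeader *icmp_header;
} DemoPacket;

typedef struct {
    uint64_t tcp_syn, udp, icmp;
    double first_ts, last_ts; /* seconds, supplied by the caller */
    int seen;
} ProtoStats;

/* Classify a packet by which decoded-header pointer is non-NULL. */
void stats_count(ProtoStats *s, const DemoPacket *p, double ts) {
    if (s == NULL || p == NULL) return;
    if (!s->seen) { s->first_ts = ts; s->seen = 1; }
    s->last_ts = ts;
    if (p->tcp_header != NULL) {
        /* Connection attempts only: SYN set, ACK clear. */
        if ((p->tcp_header->flags & (TCP_SYN | TCP_ACK)) == TCP_SYN) s->tcp_syn++;
    } else if (p->udp_header != NULL) {
        s->udp++;
    } else if (p->icmp_header != NULL) {
        s->icmp++;
    }
}

/* Average per second over the observed window; 0 for an empty window. */
double stats_rate(const ProtoStats *s, uint64_t count) {
    double elapsed = s->seen ? s->last_ts - s->first_ts : 0.0;
    return elapsed > 0.0 ? (double)count / elapsed : 0.0;
}

int main(void) { /* constructed sample: two SYNs, two seconds apart */
    DemoTCPHeader syn = { TCP_SYN };
    DemoPacket p = { &syn, NULL, NULL };
    ProtoStats st = { 0 };
    stats_count(&st, &p, 10.0); stats_count(&st, &p, 12.0);
    printf("SYN per second: %.2f\n", stats_rate(&st, st.tcp_syn));
    return 0;
}
```

In a real preprocessor the same three NULL checks would run against the `SFSnortPacket *` handed to the packet callback, with the timestamp taken from the packet or the system clock.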