Snort mailing list archives

Re: Regular Expression Matching in Snort Rules


From: Mitesh Jadia <mitesh.jadia () gmail com>
Date: Thu, 16 Oct 2014 22:14:38 +0530

As per my knowledge, a state machine is not built for pcre. It is only generated for contents.

That is why the best practice for writing a signature is to first try to match a content and after that write the pcre keyword.

-- Mitesh

 

Venkataramesh Bontupalli <bontupalliv1 () udayton edu> wrote:

Dear Snort-Users,


I am trying to understand how Snort performs regular expression matching, i.e. the PCRE option in Snort rules.

However, through the literature study I understood that Snort generates a Finite State Machine (FSM) during the compilation.


Could anyone let me know what kind of FSM it generates?
Is it a Deterministic Finite Automaton (DFA) or a Non-Deterministic Finite Automaton (NFA)?


Any help is highly appreciated.


Thanks and Regards,

VenkataRamesh
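
The ordering advice in the reply above, shown as an added example that is not part of the original thread: two Snort 2.x-style rules, the first relying on pcre alone and the second placing a literal content match ahead of the same pcre. The URI, message text and SIDs are constructed placeholders, and the variables assume a default snort.conf.

```snort
# Constructed example rules; URI, msg text and SIDs are placeholders.

# Weak: pcre is the only detection option. The rule carries no literal
# content string, so nothing narrows the traffic before the regular
# expression is run.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL example pcre only"; flow:to_server,established; pcre:"/\/report\.php\?id=\d{9,}/U"; classtype:web-application-activity; sid:1000001; rev:1;)

# Better: a literal content match on the URI comes first, and the pcre
# option only refines requests that already contain that string.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL example content then pcre"; flow:to_server,established; content:"/report.php?id="; http_uri; pcre:"/\/report\.php\?id=\d{9,}/U"; classtype:web-application-activity; sid:1000002; rev:1;)
```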
