Snort mailing list archives

Re: How to debugging on Snort?


From: James via Snort-devel <snort-devel () lists snort org>
Date: Fri, 18 May 2018 08:38:31 +0300

Please unsubscribe


On Fri, 18 May 2018 at 05:17 Al Lewis (allewi) via Snort-devel <
snort-devel () lists snort org> wrote:

Hello,



     To debug…  use GDB.



https://www.gnu.org/software/gdb/





*Albert Lewis*

ENGINEER.SOFTWARE ENGINEERING

Cisco Systems Inc.

Email: allewi () cisco com



*From: *Snort-devel <snort-devel-bounces () lists snort org> on behalf of
İzzettin Erdem via Snort-devel <snort-devel () lists snort org>
*Reply-To: *İzzettin Erdem <root.mch () gmail com>
*Date: *Thursday, May 17, 2018 at 10:11 PM
*To: *"snort-devel () lists snort org" <snort-devel () lists snort org>
*Subject: *[Snort-devel] How to debugging on Snort?



Hello everyone,



I want to debug Snort but I didn't find anything to help me. Actually, what I
want to learn is this: packets come into the network and Snort catches them.
After that, Snort checks the packets against the rules. How can I see what
Snort checks at a given time and the output of this check process?



Example check process for packet P1;



Searching for :

   content:"sa"

   offset:5

depth:10



output -> found or 1



continue to check packet p1:



content: "|02|"

offset: 33

depth: 45

.

.

.



output -> not found or 0
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
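
The check sequence sketched in the original question, as an added example that is not part of the thread and is not Snort code: a Python trace of ordered content checks that reports 1 or 0 per check. It assumes Snort 2 semantics in which `depth` is counted from `offset`; the payload and the names `parse_content`, `check` and `trace` are constructed for illustration, and escaped `|` characters in patterns are not handled.

```python
"""Trace Snort-style content checks (content/offset/depth) against one payload."""

def parse_content(pattern: str) -> bytes:
    """Convert a Snort content string, including |hex| sections, to bytes."""
    out, in_hex = bytearray(), False
    for chunk in pattern.split("|"):
        # Sections between pipes are hex bytes; everything else is literal text.
        out += bytes.fromhex(chunk) if in_hex else chunk.encode("latin-1")
        in_hex = not in_hex
    return bytes(out)

def check(payload: bytes, content: str, offset: int = 0, depth=None):
    """Return (found, index). Assumed semantics: the search starts at
    `offset` and covers at most `depth` bytes counted from that point;
    the whole pattern must fit inside that window."""
    needle = parse_content(content)
    end = len(payload) if depth is None else min(len(payload), offset + depth)
    idx = payload.find(needle, offset, end)
    return idx != -1, idx

def trace(payload: bytes, checks):
    """Evaluate checks in order and stop at the first miss, the way a rule
    stops matching once one option fails. Returns (content, 0/1, index) rows."""
    log = []
    for opts in checks:
        found, idx = check(payload, **opts)
        log.append((opts["content"], 1 if found else 0, idx))
        if not found:
            break
    return log

# Constructed 53-byte payload standing in for packet P1 (not a real capture).
P1 = b"hello sample payload " + bytes(range(0x10, 0x30))

# The two checks from the question.
CHECKS = [
    {"content": "sa", "offset": 5, "depth": 10},
    {"content": "|02|", "offset": 33, "depth": 45},
]

if __name__ == "__main__":
    for content, result, idx in trace(P1, CHECKS):
        print(f"content:{content!r} -> {result} (index {idx})")
```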
