Snort mailing list archives

Re: About Sort Pattern Matching


From: "Russ Combs (rucombs) via Snort-devel" <snort-devel () lists snort org>
Date: Mon, 16 Sep 2019 14:44:53 +0000

Did you configure profiling?  You want to look at mpse for fast pattern searching and/or content for rule option eval.

Are you asking about Snort 2 or Snort 3?  Content option matching is done via MPSE searches if fast pattern only, or 
via the content option itself otherwise.  So what part are you interested in?

More details get more info.

Russ

From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Mûħąɱɱɐɖ Yăşїѓ via Snort-devel <Snort-devel () lists snort org>
Reply-To: Mûħąɱɱɐɖ Yăşїѓ <yesii.gomalian () gmail com>
Date: Friday, September 13, 2019 at 3:18 AM
To: "Snort-devel () lists snort org" <Snort-devel () lists snort org>
Subject: [Snort-devel] About Sort Pattern Matching

Dear All,
Can you guys tell me where exactly [function in which file] Snort performs the "content" option match of a rule with input packet data? I have disabled all the rules but one in local.rules, which has the "content:Bahria" rule option, and want to calculate the time for that single match against varying-length packets.

--
Regards,
Muhammad Yasir