Re: Modifying DNP3 Content

["Russ Combs \(rucombs\) via Snort-devel" <snort-devel () lists snort org>]

Hey Chamara,

You will have better luck with Snort 3.  You can open a pull request at https://github.com/snort3/snort3.git.

This is a non-trivial change to do in.a generic way and it would be low priority but we will take a look and get back 
to you.

Thanks
Russ

From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Chamara Devanarayana via Snort-devel 
<snort-devel () lists snort org>
Reply-To: Chamara Devanarayana <Chamara () rtds com>
Date: Wednesday, September 18, 2019 at 5:02 PM
To: "snort-devel () lists snort org" <snort-devel () lists snort org>
Subject: [Snort-devel] Modifying DNP3 Content

Hi,
I tried to use SNORT inline to modify DNP3 application data. Although SNORT modified the data it did not modify the CRC 
which is there after the first 8 bytes and then after each 16 bytes. Therefore, there was a CRC error at the DNP3 
Master. I modified the sp_replace to handle this and it was working after that. Is it possible to contribute the 
changes that I made in the SNORT repo? If so what is the procedure for doing so?
Thanks,
Best regards,
Chamara Devanarayana
Simulation Specialist
RTDS Technologies Inc.

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!