Snort mailing list archives

Again snort and unixsocket


From: TSauter () gmx net
Date: Sun, 25 Nov 2001 22:47:02 +0100 (MET)


Hello snort-users,

First, thanks for all replies to my previous post. After some problems and
manuals, I now have the following code:

<snip>
        Alertpkt alert;
        while((connfd = recvfrom(sockfd, &alert, sizeof(alert), 0,
                (struct sockaddr *) &adresse, (socklen_t *) &adrlen)) > 0)
        {
                Packet *p;
                p = (void *)&alert.pkt;

                printf("%s [%d]\n", alert.alertmsg, alert.event.event_id);
                printf("%d->%d\n", p->sp, p->dp);
                fflush(NULL);
        }
</snip>

With this code snippet I get only the snort alert message, but no packet
info like IP addresses or ports. I think all the info should be stored in
"alert.pkt", which is simply a pointer to a Packet structure (decode.h). But how can I
use this info in my program?

The code below works, but the pkt structure seems to be empty.

Where is my mistake?
Any hints?

Thanks
Thorsten
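
An added example, not part of the original post and not Snort's own code: one way to get addresses and ports by reading the raw packet bytes at the header offsets instead of casting the buffer to a Packet. It assumes that Alertpkt.pkt in spo_alert_unixsock.h is a raw byte buffer of the captured frame and that nethdr and transhdr are byte offsets into it; the `flow` struct, `decode_flow` and the sample frame are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for this example (not a Snort structure). */
struct flow { char src[16], dst[16]; uint16_t sp, dp; uint8_t proto; };

/* Constructed sample: Ethernet (14 bytes) + IPv4 (20) + first 4 TCP bytes. */
static const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x28,0x00,0x01,0x00,0x00,0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x0a,             /* source      192.0.2.10    */
    0xc6,0x33,0x64,0x14,             /* destination 198.51.100.20 */
    0x04,0xd2, 0x00,0x50             /* TCP ports 1234 -> 80      */
};

/* Decode IPv4 addresses and TCP/UDP ports from raw frame bytes.
 * nethdr/transhdr are byte offsets into pkt; have_trans is 0 when the
 * sender flagged that there is no transport header.
 * Returns 0 on success, -1 when an offset does not fit the captured data. */
int decode_flow(const uint8_t *pkt, size_t caplen, uint32_t nethdr,
                uint32_t transhdr, int have_trans, struct flow *out)
{
    const uint8_t *ip;

    memset(out, 0, sizeof(*out));
    if (nethdr > caplen || caplen - nethdr < 20)
        return -1;
    ip = pkt + nethdr;
    if ((ip[0] >> 4) != 4)                     /* IPv4 only */
        return -1;
    out->proto = ip[9];
    snprintf(out->src, sizeof(out->src), "%u.%u.%u.%u", ip[12], ip[13], ip[14], ip[15]);
    snprintf(out->dst, sizeof(out->dst), "%u.%u.%u.%u", ip[16], ip[17], ip[18], ip[19]);
    if (!have_trans || (out->proto != 6 && out->proto != 17))
        return 0;                              /* no ports to report */
    if (transhdr > caplen || caplen - transhdr < 4)
        return -1;
    out->sp = (uint16_t)((pkt[transhdr] << 8) | pkt[transhdr + 1]);
    out->dp = (uint16_t)((pkt[transhdr + 2] << 8) | pkt[transhdr + 3]);
    return 0;
}

int main(void)
{
    struct flow f;
    /* With Snort this would be alert.pkt, alert.pkth.caplen, alert.nethdr,
     * alert.transhdr (field names assumed; check spo_alert_unixsock.h). */
    if (decode_flow(sample_frame, sizeof(sample_frame), 14, 34, 1, &f) == 0)
        printf("%s:%u -> %s:%u\n", f.src, f.sp, f.dst, f.dp);
    return 0;
}
```

The bounds checks matter because the offsets arrive over a socket: a receiver should not index the buffer with them before confirming they fall inside the captured length.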
