Snort mailing list archives

telnet session reassembly with stream4


From: Ned <gned () mpx com au>
Date: Tue, 05 Oct 2004 09:50:30 +1000

Hi everyone,

I'm trying to use stream4 to reassemble a telnet session into one uberpacket, and to then perform some statistical analysis on the data. I have written a preprocessor that passes all reassembled packets to a function that does this analysis, and doesn't do anything with the rest of the packets.

I'm using the condition (p->packet_flags & PKT_REBUILT_STREAM) to decide whether to call the analysis function or not. The problem I'm having is that when I run snort on telnet captures the condition above never evaluates to true. For the other 10 protocols I'm analysing, I haven't had this problem.

Does anybody know what could be causing this?


cheers,

Ned




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net

