Snort mailing list archives
Re: snort sFsnortPakcet header file to count TCP, ICMP and UDP packets
From: Amtul Saboor <saboor.amtul () gmail com>
Date: Fri, 20 Jun 2014 00:42:40 +0500
Thank you Steven, I have looked at this but can you guide me about how to write a piece of code for knowing whether the incoming packet belongs to TCP, UDP or ICMP protocol.

Kind Regards

On Thu, Jun 19, 2014 at 11:35 PM, Steven Sturges <steve.sturges () sourcefire com> wrote:

> The data you're looking for is within the SFSnortPacket struct...
>
> typedef struct _SFSnortPacket
> {
>     ...
>     const TCPHeader *tcp_header, *orig_tcp_header;
>     const UDPHeader *udp_header, *orig_udp_header;
>     const UDPHeader *inner_udph;   /* if Teredo + UDP, this will be the inner UDP header */
>     const UDPHeader *outer_udph;   /* if Teredo + UDP, this will be the outer UDP header */
>     const ICMPHeader *icmp_header, *orig_icmp_header;
>     ...
>
> On 6/19/14, 1:09 PM, Amtul Saboor wrote:
>> Hello
>>
>> I am trying to make some changes in snort sample preprocessor dpx, i have read the following information from snort manual online:
>>
>> 4.1.4 SFSnortPacket
>> The SFSnortPacket structure mirrors the snort Packet structure and provides access to all of the data contained in a given packet. It and the data structures it incorporates are defined in sf_snort_packet.h. Additional data structures may be defined to reference other protocol fields. Check the header file for the current definitions.
>> Source: http://manual.snort.org/node38.html
>>
>> I want to output the average number of TCP Syn, UDP and ICMP packets received per second. I have gone through this file sf_snort_packet.h, but i am unable to locate the exact data structure that deals with incoming TCP Syn, ICMP and UDP packets. I just need these 3 data structures to make the desired variation.
>>
>> Any one would be appreciated.
>>
>> Thanks
>> Regards
>> Amtul

--
Amtul Saboor
MS (Information Security)
Military College of Signals, National University of Science & Technology, Rawalpindi
Pakistan

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
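The check asked for in this thread, as an added example that is neither the thread's nor Snort's own code: the decoder fills at most one of the tcp_header / udp_header / icmp_header pointers Steven lists, so a preprocessor can classify a packet by which pointer is non-NULL and then test the TCP flags byte for SYN. The TCPHeader, UDPHeader, ICMPHeader and SFSnortPacket typedefs and the TCPHEADER_* bits below are assumed, cut-down stand-ins for the real definitions in sf_snort_packet.h; a dpx preprocessor would include that header instead of redefining them.

```c
#include <stddef.h>
#include <stdint.h>
/* Cut-down stand-ins for the sf_snort_packet.h types (assumed layout, only the
 * fields used here); a real dpx preprocessor includes that header instead. */
#define TCPHEADER_SYN 0x02                 /* TCP flag bits (RFC 793) */
#define TCPHEADER_ACK 0x10
typedef struct { uint8_t flags; }   TCPHeader;
typedef struct { uint16_t length; } UDPHeader;
typedef struct { uint8_t type; }    ICMPHeader;
typedef struct {
    const TCPHeader  *tcp_header;          /* set by the decoder only for TCP */
    const UDPHeader  *udp_header;          /* only for UDP */
    const ICMPHeader *icmp_header;         /* only for ICMP */
} SFSnortPacket;
enum proto { PROTO_OTHER, PROTO_TCP, PROTO_UDP, PROTO_ICMP };
typedef struct { unsigned long tcp_syn, udp, icmp; } proto_counts;

/* At most one transport pointer is set per packet, so test them in turn. */
enum proto classify(const SFSnortPacket *p) {
    if (p->tcp_header)  return PROTO_TCP;
    if (p->udp_header)  return PROTO_UDP;
    if (p->icmp_header) return PROTO_ICMP;
    return PROTO_OTHER;                    /* non-IP or unsupported transport */
}

/* "TCP SYN" is taken as SYN set and ACK clear, so SYN/ACK replies are not counted. */
int is_tcp_syn(const SFSnortPacket *p) {
    return p->tcp_header != NULL && (p->tcp_header->flags & (TCPHEADER_SYN | TCPHEADER_ACK)) == TCPHEADER_SYN;
}

/* Call from the per-packet callback; divide totals by elapsed seconds when reporting. */
void count_packet(proto_counts *c, const SFSnortPacket *p) {
    switch (classify(p)) {
    case PROTO_TCP:  c->tcp_syn += is_tcp_syn(p); break;
    case PROTO_UDP:  c->udp++;  break;
    case PROTO_ICMP: c->icmp++; break;
    default:         break;
    }
}

/* Constructed sample: SYN, SYN/ACK, UDP, ICMP, ICMP, non-IP -> 1 SYN, 1 UDP, 2 ICMP. */
proto_counts sample_counts(void) {
    static const TCPHeader syn = { TCPHEADER_SYN }, synack = { TCPHEADER_SYN | TCPHEADER_ACK };
    static const UDPHeader udp = { 8 }; static const ICMPHeader echo = { 8 };
    const SFSnortPacket pkts[] = { { &syn, NULL, NULL }, { &synack, NULL, NULL },
        { NULL, &udp, NULL }, { NULL, NULL, &echo }, { NULL, NULL, &echo }, { NULL, NULL, NULL } };
    proto_counts c = { 0, 0, 0 };
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++) count_packet(&c, &pkts[i]);
    return c;
}
```

Keep the counters in the preprocessor's own state, reset them at each reporting interval, and divide by the interval length in seconds to get the per-second averages.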