Snort mailing list archives
Re: basic understanding questions
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Tue, 16 Sep 2014 12:02:51 +0000
This sounds like a homework assignment. Is this an assignment from a University?

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos

On Sep 16, 2014, at 4:08 AM, amir levinzon <amir.h.univ () gmail com> wrote:

Hey all,

I'm trying to program a small sniffer that will be using the structure of Snort rules. I want it to be very small, so I need really compact code (I will use C, probably). So I wanted to know two things.

A. Is there a place that specifies which of the Snort rules are the most useful, meaning what are the most popular "packets" that will be detected for the average web user? For the beginning, something like 20 rules will be enough.

B. I need to parse the rules into a data structure. I searched in forums but I haven't found what the actual structure is that Snort uses and how the packet is parsed so it "fits" the structure of the rule... Can someone recommend a data structure? A parser?

Best regards,
Any help will be greatly appreciated
Amir

------------------------------------------------------------------------------
Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce. Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
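Added example for the data-structure question in Amir's message (question B). This is not code from the thread or from the Snort source tree, and Snort's own internal structures are larger and different; the struct layout, the function names, the sample rule text and the local sid 1000001 are all my own assumptions. A Snort rule is a fixed seven-field header (action, protocol, source, source port, direction, destination, destination port) followed by a parenthesised block of ';'-terminated options, so a compact C representation is a struct for the header plus an array of keyword/value pairs. The port matcher at the end shows how one header field is later checked against a packet.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define TOK 64
#define VAL 256
#define MAX_OPTS 16

/* One "keyword:value;" pair; val is empty for bare flags such as "nocase;". */
struct snort_opt { char key[TOK]; char val[VAL]; };

/* Rule header (action proto src sport dir dst dport) plus the option list. */
struct snort_rule {
    char action[TOK], proto[TOK], src[TOK], sport[TOK], dir[4], dst[TOK], dport[TOK];
    int nopts;
    struct snort_opt opts[MAX_OPTS];
};

/* Copy the next whitespace-delimited header token into out and advance *p. */
static int next_token(const char **p, char *out, size_t outsz) {
    size_t n = 0;
    while (**p && isspace((unsigned char)**p)) (*p)++;
    while (**p && !isspace((unsigned char)**p) && **p != '(') {
        if (n + 1 < outsz) out[n++] = **p;
        (*p)++;
    }
    out[n] = '\0';
    return n > 0;
}

/* Parse one rule line into *r. Returns 0 on success, -1 on a syntax error. */
int parse_snort_rule(const char *line, struct snort_rule *r) {
    const char *p = line;
    memset(r, 0, sizeof *r);
    if (!next_token(&p, r->action, TOK) || !next_token(&p, r->proto, TOK) ||
        !next_token(&p, r->src, TOK) || !next_token(&p, r->sport, TOK) ||
        !next_token(&p, r->dir, sizeof r->dir) ||
        !next_token(&p, r->dst, TOK) || !next_token(&p, r->dport, TOK)) return -1;
    if (strcmp(r->dir, "->") != 0 && strcmp(r->dir, "<>") != 0) return -1;
    while (*p && isspace((unsigned char)*p)) p++;
    if (*p++ != '(') return -1;                  /* this parser requires an option block */
    while (*p) {
        struct snort_opt *o; size_t n = 0; int inq = 0;
        while (*p && isspace((unsigned char)*p)) p++;
        if (*p == ')') return 0;                 /* option block closed cleanly */
        if (r->nopts >= MAX_OPTS) return -1;
        o = &r->opts[r->nopts];
        for (; *p && *p != ':' && *p != ';' && *p != ')'; p++)   /* keyword */
            if (!isspace((unsigned char)*p) && n + 1 < TOK) o->key[n++] = *p;
        o->key[n] = '\0'; n = 0;
        if (*p == ':') {
            /* value: to the first ';' outside quotes; a backslash escape inside quotes is kept verbatim so \" and \; do not end it */
            p++;
            while (*p && isspace((unsigned char)*p)) p++;
            while (*p && (inq || *p != ';')) {
                if (inq && *p == '\\' && p[1]) {
                    if (n + 2 < VAL) { o->val[n++] = p[0]; o->val[n++] = p[1]; }
                    p += 2; continue;
                }
                if (*p == '"') inq = !inq;
                if (n + 1 < VAL) o->val[n++] = *p;
                p++;
            }
            while (n && isspace((unsigned char)o->val[n - 1])) n--;   /* trim "sid:1 ;" */
            o->val[n] = '\0';
        }
        if (*p++ != ';') return -1;              /* every option must end with ';' */
        r->nopts++;
    }
    return -1;                                   /* input ended before ')' */
}

/* First option with this keyword, or NULL (content: may repeat; this returns the first). */
const char *rule_opt(const struct snort_rule *r, const char *key) {
    for (int i = 0; i < r->nopts; i++)
        if (strcmp(r->opts[i].key, key) == 0) return r->opts[i].val;
    return NULL;
}

int rule_is_valid(const char *line) { struct snort_rule t; return parse_snort_rule(line, &t) == 0; }

/* Port spec matcher: any, 80, 1024:65535, :1023, 1024:, optionally prefixed '!'. Returns 1/0, or -1 for a $VARIABLE. */
int port_matches(const char *spec, int port) {
    int neg = 0, hit; const char *colon;
    if (*spec == '$') return -1;                 /* $HTTP_PORTS etc. need a variable table to resolve */
    if (*spec == '!') { neg = 1; spec++; }
    if (strcmp(spec, "any") == 0) hit = 1;
    else if ((colon = strchr(spec, ':')) == NULL) hit = (atoi(spec) == port);
    else hit = port >= (colon == spec ? 0 : atoi(spec)) &&
               port <= (colon[1] == '\0' ? 65535 : atoi(colon + 1));
    return neg ? !hit : hit;
}

/* Constructed sample rule (not a real Talos/VRT rule); sid 1000001 is in the local range. */
static const char SAMPLE_RULE[] =
    "alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:\"WEB admin probe; escaped \\\"q\\\"\"; "
    "flow:to_server,established; content:\"GET /admin\"; nocase; sid:1000001; rev:1;)";

/* Parse SAMPLE_RULE once and hand it back; NULL if it does not parse. */
const struct snort_rule *sample_rule(void) {
    static struct snort_rule r; static int state;   /* state: 0 unparsed, 1 ok, -1 failed */
    if (state == 0) state = parse_snort_rule(SAMPLE_RULE, &r) == 0 ? 1 : -1;
    return state == 1 ? &r : NULL;
}
```

Two things worth noticing before building on this: `content:` can appear several times in one rule, so a real structure wants an ordered list of matchers rather than a lookup by keyword, and header fields like `$HOME_NET` or `[80,8080]` are left as raw strings here; resolving variables, IP lists and CIDR ranges is the next layer, and the packet side of the comparison only becomes possible once those are turned into numeric sets.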
Current thread:
- basic understanding questions amir levinzon (Sep 16)
- Re: basic understanding questions Joel Esler (jesler) (Sep 16)
- Re: basic understanding questions amir levinzon (Sep 16)
- Re: basic understanding questions waldo kitty (Sep 16)
- Re: basic understanding questions amir levinzon (Sep 16)
- Re: basic understanding questions Joel Esler (jesler) (Sep 16)