Snort mailing list archives

Re: Using DNS response fields in an alert msg


From: "lists () packetmail net" <lists () packetmail net>
Date: Wed, 7 Jan 2015 08:31:15 -0600

On 01/07/2015 08:05 AM, lists () packetmail net wrote:
> Sadly, for this use case this is simply something that Snort is not capable of
> doing.

Optionally, with Snort (if you'd prefer it over Suricata) you could try Unified
format and parsing the raw packet data but that's a little messy... other than
that I'm not sure how to address this valid use case.  Perhaps others on the
list have alternative solutions.

Cheers,
Nathan
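
Added example, not part of the message above and not Snort code: a sketch of the "parse the raw packet data" route, pulling the answer fields out of a DNS response. It assumes the packet bytes have already been extracted from a unified2 packet record as an Ethernet/IPv4/UDP frame; `read_name`, `dns_answers` and the sample frame are constructed for illustration.

```python
import struct

def read_name(msg, off, depth=0):
    """Decode a DNS name at msg[off]; return (name, offset after it)."""
    if depth > 10:
        raise ValueError("DNS compression pointer loop")
    labels = []
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # 2-byte compression pointer to an earlier name
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            labels.append(read_name(msg, ptr, depth + 1)[0])
            return ".".join(labels), off + 2
        off += 1
        if n == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n

def dns_answers(frame):
    """Return (name, type, ttl, value) per answer in an Ethernet/IPv4/UDP DNS response."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return []  # not IPv4 carrying UDP
    msg = frame[14 + (frame[14] & 0x0F) * 4 + 8:]  # skip Ethernet, IP (IHL), UDP
    _id, flags, qd, an = struct.unpack_from("!HHHH", msg)
    if not flags & 0x8000:
        return []  # QR bit clear: a query, not a response
    off = 12
    for _ in range(qd):  # skip the question section (name + qtype + qclass)
        off = read_name(msg, off)[1] + 4
    out = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        val = msg[off:off + rdlen].hex()  # default: raw rdata as hex
        if rtype == 1 and rdlen == 4:  # A record
            val = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype == 5:  # CNAME, may itself be compressed
            val = read_name(msg, off)[0]
        out.append((name, rtype, ttl, val))
        off += rdlen
    return out

# Constructed sample (zeroed MACs, minimal IPv4 header): example.test -> CNAME -> A
_DNS = (struct.pack("!6H", 1, 0x8180, 1, 2, 0, 0) + b"\x07example\x04test\x00\x00\x01\x00\x01"
        + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 7) + b"\x04host\xc0\x0c"
        + b"\xc0\x2a" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10]))
SAMPLE_FRAME = (bytes(12) + b"\x08\x00\x45" + bytes(8) + b"\x11" + bytes(10)
                + struct.pack("!HHHH", 53, 40000, 8 + len(_DNS), 0) + _DNS)
```

The tuples returned by `dns_answers(SAMPLE_FRAME)` are the fields one would append to the alert text when post-processing the sensor's output.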


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

