[Snort-devel] [ekr at ...168...: Re: format string in ssl dump]

Eric Rescorla ekr at ...168...
Sat Dec 16 18:49:35 EST 2000


> I am not sure that I quite understand what you are wanting to do, but
> from the messages I've seen, I think that there may be some overlap with
> my work.  Let me run it past you and get your feedback.
Probably the first question to ask is what Fyodor had in mind when he
suggested that I "integrate ssldump into snort"?

I had sort of assumed that the idea here would be that I would
modularize ssldump in such a way that snort's packet acquisition
engine could pass packets to ssldump for interpretation/expansion
and then pass the expanded view to the intrusion detection engine.

Fyodor, is this what you had in mind?

-Ekr

[Eric Rescorla                                   ekr at ...168...]




More information about the Snort-devel mailing list