[Snort-devel] Preprocessor portscan & ip datagram

Jean-Philippe Grenier jgrenier at ...177...
Fri Jan 12 16:23:10 EST 2001


I would like to know why the preprocessor portscan doesn't put 
the ip datagram in the Alertpkt, when reading from a unix 
socket (in function UnixSockAlert). 

Could it put in Alertpkt the ip datagram of the last packet that 
triggered the portscan alert ?

Is there a reason why it should not ?


Thanks, Jean-Philippe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20010112/6dae2f42/attachment.html>


More information about the Snort-devel mailing list