[Snort-devel] Testing plugins

Rob McMillen rvmcmil at ...1029...
Fri Jan 4 09:16:02 EST 2002


I wrote some code for Snort that allows it to receive packets from iptables,
and I am trying to test the plugins to ensure the  Snort functionality was
not lost.  I know the portscan preprosessor and output plugins work because
I've seen them in action, but is there a good way to tell if the other
preprosessor plugins are working properly (i.e. frag2, stream2, stream4,
stream4_reassemble, http_decode, rpc_decode, bo, telnet_decode)?

I also wrote a function that will set the drop packet flag so any plugin can
decide if a packet should be dropped.

Thanks in advance,

Rob





More information about the Snort-devel mailing list