[Snort-devel] Testing plugins
rvmcmil at ...1029...
Fri Jan 4 09:16:02 EST 2002
I wrote some code for Snort that allows it to receive packets from iptables,
and I am trying to test the plugins to ensure the Snort functionality was
not lost. I know the portscan preprosessor and output plugins work because
I've seen them in action, but is there a good way to tell if the other
preprosessor plugins are working properly (i.e. frag2, stream2, stream4,
stream4_reassemble, http_decode, rpc_decode, bo, telnet_decode)?
I also wrote a function that will set the drop packet flag so any plugin can
decide if a packet should be dropped.
Thanks in advance,
More information about the Snort-devel