[Snort-devel] HTTP packet sniffing

npkg at ...1093... npkg at ...1093...
Mon Jan 28 02:44:04 EST 2002


Hello Everyone,
        I am trying to build an appication that would sniff a particular
e-mail id's HTTP content transfer.
                More specifically, the objective would be to sniff the
transfer of the content of  a particular e-mail id. It is also necessary to
log the session of the particular e-mail id. The content filtering option
available in Snort would only sniff packets for a particular content. And in
the case of sniffing a particular e-mail id's transfer, especially if on a
public mail server,like hotmail.com or yahoo.com, SMTP rules cannot be
applied.          The sp_pattern_match.c , plugin , does filtering based on the
content of a particular packet. But, the objective here is to find that a
particular person with the e-mail id has logged in and then start sniffing
and logging the packet.
          I guess that, adding a preprocessor module that would look for a
particular e-mail id in a transfer and start sniffing all the packets for
that session and logging them is required.
        Can anyone help me on this project ?
                                       Thanks in advance
                                                         Gangadhar



-----------------------------------------
This email was sent using SquirrelMail.
   "Webmail for nuts!"
http://squirrelmail.org/






More information about the Snort-devel mailing list