[Snort-devel] Session statistic data collection
snort at ...1266...
Tue May 7 07:53:04 EDT 2002
I'm writing a snort plugin for statistical traffic analysis. For this
reason I'm using data extracted by spp_stream4 plugin through p->ssnptr.
The problem is that I have to generate data on a time "trend basis", for
example I've got to calculate the average value of window (so:
sum(ssn->server->win_size)/(ssn->server->num_pkts)) or the "empty
packets rate" and so on... (Cfr. Wenke Lee PhD thesis)
p->ssnptr points to the session data of the actual packet (p), but
doesn't contain any information regarding the session trend (except
pkts_sent and bytes_sent). I wouldn't like to let my plugin store past
sessions data since this would waste a lot of memory and "make something
already made by spp_stream4 plugin"; in this case I also would have to
check for correct handshakes and session openings/closures... All things
already made by spp_stream4...
At the same time I wouldn't like to modify spp_stream4 code... (I
would like my plugin to be spp_stream4 version independent).
What do you suggest?
Thanks and kind regards,
"Our real illiteracy is our inability to create"