[Snort-devel] snort and preprocessors

antonat antonat at ...1996...
Mon Jul 28 16:54:05 EDT 2003


i have two questions :

a)for every packet that it comes we perform a setwise content-match and
then we check for the header? if so, when keywords like flow are examined?

b)when i enable stream4 the packet is first given to preprocessor.
afterwards the detect() function is called. so all packets which are part
of a stream are also being examined independently?

Antonatos Spyros




More information about the Snort-devel mailing list