[Snort-devel] snort and preprocessors
antonat at ...1996...
Mon Jul 28 16:54:05 EDT 2003
i have two questions :
a)for every packet that it comes we perform a setwise content-match and
then we check for the header? if so, when keywords like flow are examined?
b)when i enable stream4 the packet is first given to preprocessor.
afterwards the detect() function is called. so all packets which are part
of a stream are also being examined independently?
More information about the Snort-devel