[Snort-devel] Protocol plugin

Jeremy F Stephens stephensj at ...2154...
Mon Sep 1 17:34:05 EDT 2003


Hi,

On my network, I set up a snort daemon to track traffic (among other 
things, of course), and every week a cron job runs that sends snort's 
internal statistics to root's mail account.  I noticed that more than 
half of the traffic on my network is included in the "OTHER" protocol 
category.  I did a tcpdump, and I found that I'm getting packets on the 
'snap' protocol and one other protocol that I can't remember offhand.  
So, is it possible to write a plugin that handles these other 
protocols?  I noticed in the snort documentation that it only handles 4 
different kinds.




