[Snort-devel] Protocol plugin
Jeremy F Stephens
stephensj at ...2154...
Mon Sep 1 17:34:05 EDT 2003
On my network, I set up a snort daemon to track traffic (among other
things, of course), and every week a cron job runs that sends snort's
internal statistics to root's mail account. I noticed that more than
half of the traffic on my network is included in the "OTHER" protocol
category. I did a tcpdump, and I found that I'm getting packets on the
'snap' protocol and one other protocol that I can't remember offhand.
So, is it possible to write a plugin that handles these other
protocols? I noticed in the snort documentation that it only handles 4