[Snort-devel] plugin idea

Sergey Lyubka devnull at ...2232...
Fri Apr 2 00:22:11 EST 2004


What do you think about this:
making a plugin that stores all, say, tcp session from the very first packet
to the very last for some rules.
example: you have a match, say, in some smtp rule. The beginning of the
stream with smtp headers already lost, as well as lost all subsequent
packets. So you mark that smtp rule with some keyword, and when it is
matched, full stream is saved say in pcap file for further investigation.

On Thu, Apr 01, 2004 at 08:42:27PM +0200, Piotr Kowalczyk wrote:
> Hello World\n
> University as fast as possible), please. 
> I'd be _extremely_ grateful, 
> and thank you in advance
> 
> 	Piotr Kowalczyk
> 




More information about the Snort-devel mailing list