[Snort-devel] Trying to develope a preprocessor
raymondpun80 at ...445...
Fri Nov 19 10:49:05 EST 2004
I would like to develop a preprocessor, and therefore I am trying to
familiar myself with snort and some other preprocessor.
I try to understand the telnet negotiation preprocessor but I have some
doubts. I guess what the preprocessor is trying to do is replacing some
characters in the data. But I am not quite understand what is
"DecodeBuffer". When data is written on DecodeBuffer, what will happen?
Will it be written into p->data eventually? Is DecodeBuffer a general buffer
that will be used to replace p->data?
Besides, could someone teach me how to generate an alert and how to printout
message to console if snort is run with sth like "snort -dev -A fast" ?
Many many thanks.
More information about the Snort-devel