svf_rebell at ...224...
Fri Feb 3 01:44:01 EST 2006
i recently ran into the same problem like the one described in this
Summary: i've got full knowlegde(maybe some payload missing) of a packet
and need snort to analyze it. Two solutions were discussed in the thread:
1. craft a packet out of the info and kinda "replay" it snort the normal way
2. modify decode.c for my needs.
So before making my decision and start - i just want to make sure that
there is no thing like an input-module/input-interface where i can
easily inject a packet into snort.
Others solutions/ideas are welcome.
Thanks for all replies and sorry for my bad english ;)
More information about the Snort-devel