[Snort-devel] Stream5 Question

Nigel Houghton nigel at ...402...
Mon Jul 7 13:37:17 EDT 2008


On Mon, 7 Jul 2008 13:16:06 -0400
"snort user" <snort.user at ...2499...> wrote:

> Hello and Greetings
> 
> Stream5 has been in snort for quite sometime now, I am assuming that
> it is as stable as stream4
> (correct me if I am wrong)
> 
> Having noted that, what are the features that are present in one and
> not the other?
> 
> The obvious addition in stream5 is the 'target based reassembly'.
> I checked the READMEs and did not find anything else standing out.

Right at the top of README.stream5:

"Overview
 ========
 The Stream5 preprocessor is a target-based TCP reassembly module
 for Snort.  It is intended to replace both the Stream4 and flow 
 preprocessors, and it is capable of tracking sessions for both
 TCP and UDP.  With Stream5, the rule 'flow' and 'flowbits' keywords
 are usable with TCP as well as UDP traffic."

-- 
Nigel Houghton
Resident Hooligan
SF VRT




More information about the Snort-devel mailing list