[Snort-devel] How to generate fake Packets?

Salvo Danilo Giuffrida salvodanilogiuffrida at ...2499...
Mon Jun 30 04:17:01 EDT 2008


Hello, to try to solve the problems I have in generating alerts, I'm
exploring the possibility of creating a 'fake' packet when I want to
generate one, and then call 'SetEvent' and 'CallAlertFuncs' to
generate an Event and tie it to the fake packet, so maybe I'll be able
to see alerts as soon as I generate them, not only when I quit Snort,
and only at the maximum value configured in the snort.conf file....
So, apart from manually filling a Packet structure, is there any
simpler way to generate a fake packet in Snort (by 'fake' I mean a
packet that for example has the same source and destination, like
127.0.0.1 or 0.0.0.0)?
Thanks a lot




More information about the Snort-devel mailing list