[Snort-devel] where does snort save the data packet it has captured in the source code

Russ Combs rcombs at ...402...
Tue Sep 7 10:09:39 EDT 2010


On Tue, Sep 7, 2010 at 5:50 AM, 刘昆 <liukunmeister at ...3054....> wrote:

> Where does snort save the data packet it has captured? My meaning is
> the location in the source code, an array or anything else?
>

Your question is pretty open ended.  Look at decode.c.  Actual packet data
from the wire is presented in array form to which is added some decoded
data.  That is retained only for the life of the packet - next packet it is
gone.  Other data, for say, defragmentation or desegmentation, is stored
elsewhere for a longer time.

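An added illustration of the lifetime described in the reply above, not part of the original thread and not Snort's code: a decoder that leaves pointers into a reused capture buffer, next to a store that copies what must outlive the packet. All type and function names (`DecodedPacket`, `decode_frame`, `store_copy`, `build_frame`, `demo_lifetime`) and the frame bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical types and names; this is not Snort's Packet structure. */
typedef struct {
    const uint8_t *payload;     /* decoded view: points into the capture buffer */
    size_t payload_len;
} DecodedPacket;

typedef struct { uint8_t data[64]; size_t len; } Stored; /* longer-lived copy */

/* Decode Ethernet + IPv4 in place. Returns 0, or -1 if malformed/unsupported. */
int decode_frame(const uint8_t *buf, size_t len, DecodedPacket *p) {
    memset(p, 0, sizeof *p);
    if (len < 14 + 20 || buf[12] != 0x08 || buf[13] != 0x00) return -1;
    const uint8_t *ip = buf + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t total = ((size_t)ip[2] << 8) | ip[3];
    if ((ip[0] >> 4) != 4 || ihl < 20 || total < ihl || 14 + total > len) return -1;
    p->payload = ip + ihl;      /* no copy: valid only while buf is unchanged */
    p->payload_len = total - ihl;
    return 0;
}

/* State that must outlive the packet (e.g. for reassembly) takes its own copy. */
int store_copy(Stored *s, const DecodedPacket *p) {
    if (p->payload_len > sizeof s->data) return -1;   /* bounds check before copy */
    memcpy(s->data, p->payload, p->payload_len);
    s->len = p->payload_len;
    return 0;
}

/* Constructed 38-byte frame: Ethernet, 20-byte IPv4 header, 4 payload bytes. */
static size_t build_frame(uint8_t *b, const char *pay4) {
    memset(b, 0, 38);
    b[12] = 0x08; b[13] = 0x00; b[14] = 0x45; b[17] = 24;
    memcpy(b + 34, pay4, 4);
    return 38;
}

/* Returns 1 if the copy kept packet 1 while the decoded view shows packet 2. */
int demo_lifetime(void) {
    uint8_t cap[64];            /* one capture buffer, reused for every packet */
    DecodedPacket p; Stored kept;
    if (decode_frame(cap, build_frame(cap, "AAAA"), &p) || store_copy(&kept, &p)) return -1;
    build_frame(cap, "BBBB");   /* next packet arrives and overwrites the buffer */
    return memcmp(kept.data, "AAAA", 4) == 0 && memcmp(p.payload, "BBBB", 4) == 0;
}
```

Any pointer held in the decoded structure after the next packet arrives refers to that newer packet's bytes, which is why longer-lived state has to be copied with a length check.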

