[Snort-devel] Sessionised data in preprocessors

apple cake cakeblaster at ...2499...
Tue Aug 9 10:26:11 EDT 2011


When developing a snort preprocessor I have been accessing network data
through the 'packet' data structure. I assume that this data is not the
content of a session but just the just the content of a single packet. The
pattern I am seeking to detect could be spread across multiple packets. Is
sessionised data exposed to my preprocessor in any way? How can I access it
and are there any are caveats?

Thanks in advance.

cakeblaster.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20110810/b1faf637/attachment.html>


More information about the Snort-devel mailing list