[Snort-devel] Sessionised data in preprocessors
cakeblaster at ...2499...
Tue Aug 9 10:26:11 EDT 2011
When developing a snort preprocessor I have been accessing network data
through the 'packet' data structure. I assume that this data is not the
content of a session but just the just the content of a single packet. The
pattern I am seeking to detect could be spread across multiple packets. Is
sessionised data exposed to my preprocessor in any way? How can I access it
and are there any are caveats?
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel