[Snort-devel] Access to the raw data of packets from SFSnortPacket structure

Russ Combs rcombs at ...402...
Wed Feb 1 10:05:43 EST 2012


pkt_data gives you the the raw packet, starting with the outermost header.

payload gives you the start of data after any decoded headers.

On Tue, Jan 31, 2012 at 3:36 AM, <romain at ...3247...> wrote:

> Hello,
>
> I would like to develop a snort preprocessor that require access to the
> raw data of a packet, as an array of bytes for example.
> With this preprocessor, I have access to the SFSnortPacket structure but
> I couldn't find the right field in this structure that point to the
> data.
> I was thinking of pkt_data but according to my tests, it does not seem
> to be that.
>
> Do you have any suggestions ?
>
> Thanks,
> Romain
>
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20120201/cfa5324f/attachment.html>


More information about the Snort-devel mailing list