[Snort-devel] Snort Beginner

Russ Combs rcombs at ...402...
Mon Mar 5 10:35:27 EST 2012


At a high level, yes, it is the same path, through the DAQ.  The pcap DAQ
in particular can read from file or from interface and there is very little
difference between the two except for the pcap library call.

On Sat, Mar 3, 2012 at 3:13 PM, Anju Jyothish <anjupanicker.ms at ...2499...> wrote:

> Hi, I have a question. When Snort reads packets from a pcap file, does it
> follow a different path, or is it processed in the same manner as a packet
> from the Ethernet?
>
> Thanks,
> Anju
> On Wed, Jan 4, 2012 at 12:26 PM, Anju Jyothish <anjupanicker.ms at ...2499...> wrote:
>
>> Hello,
>>
>> I am working on a project with snort. According to Martin there is no
>> documentation in snort that would help developers. He advised me to ask
>> specific questions to the team.
>>
>> Here is my problem. I want to collect the grouped packets in
>> group-specific buffers, collect the rule contents applicable to those
>> packets, and then play with the A-C algorithm. The code is enormous and I
>> would like some pointers as to where to look.
>>
>> Any help would be highly appreciated.
>>
>> Thanking in anticipation,
>> Anju
>>