[Snort-devel] Is there a snort/libnids alternative

Chris Green greencm at ...2499...
Mon Oct 15 13:09:18 EDT 2012

On Mon, Oct 15, 2012 at 4:43 AM, <elof at ...969...> wrote:

> I'm looking for exactly the same thing as libnids.
> The main thing missing in libnids is continued reassembly of tcp-flows
> even though there are SPAN packet drops.

You need to look at Bro scripts, Suricata preprocessor(?) or Snort
preprocessor. All of these deal with mid-stream issues on some level via
their TCP engines. The only big difference to libnids is the program
perspective: is it a small part of your program, or is your program part
of theirs?

Chris Green <greencm at ...2499...>