[Snort-devel] Interested in developing a preprocessor; want all the documentation I can get.

Tony Robinson deusexmachina667 at ...2499...
Mon Aug 12 21:52:33 EDT 2013


This gives me a good starting point... Do you or anyone else for that
matter know if the starter kit is compatible with the latest Snort
versions? I'm assuming so, since the web page refers to Snort 2.9.4.x while
the text doc in the tarball refers to Snort 2.9.0.x.

Also, specifically, what I'm looking to do is take normalized traffic in
either a passive or inline config and pass the cleaned-up/reassembled
traffic to prads or p0f for more accurate host detection, and in turn prads
or p0f could be used to build more accurate stream 5 or frag 3 host
policies. Makes sense, no?


On Mon, Aug 12, 2013 at 9:27 PM, Rodrigo Montoro(Sp0oKeR) <spooker at ...2499...> wrote:

> I'm not a devel, but for sure this URL will help you =)
>
> http://www.snort.org/snort-downloads/dynamic-preprocessor-starter-kit/
>
> Regards,
>
>
> On Mon, Aug 12, 2013 at 10:23 PM, Tony Robinson <deusexmachina667 at ...2499...> wrote:
>
>> Title really says it all.
>>
>> Sorry for cross posting this into both users and the devel mailing list,
>> but I'm looking to get as many sets of eyes as I can here.
>>
>> Do any of you have any experience developing Snort preprocessors? I would
>> like to try my hand at rolling one of my own, or figuring out how to pass
>> normalized/preprocessed traffic to other network inspection tools -- to be
>> quite honest, I have no idea what I'm doing and am not sure if a
>> preprocessor would be necessary to do this or not.
>>
>> I know that for the most part, there are readmes included with most of
>> the source code, but if anyone has any more solid documentation on how to do
>> something like this, I need all the documentation I can get.
>>
>>
>>
>> --
>> when does reality end? when does fantasy begin?
>>
>>
>
>
>
> --
> Rodrigo Montoro (Sp0oKeR)
> http://spookerlabs.blogspot.com
> http://www.twitter.com/spookerlabs
> http://www.linkedin.com/in/spooker
>



-- 
when does reality end? when does fantasy begin?