[Snort-devel] unified2_extra_data

Brad Tilley rtilley at ...3360...
Thu Jan 10 15:55:38 EST 2013

I'm parsing unified2 data files from snort 2.9.4 with a C++ program I wrote (just to refresh my memory of the format) and I was wondering how to make snort write a UNIFIED2_EXTRA_DATA entry. I've tried scanning with Nessus, nmap and Rapid7 (ipv4 and ipv6) but I'm still unable to get a unified2 header with a type of 110 written to the file. 

Thanks for any advice. All the other types I'm interested in (2, 104, 105) parse OK.



Brad Tilley
Virginia Tech IT Security
(540) 231-3133

More information about the Snort-devel mailing list