[Snort-devel] unified2_extra_data

Brad Tilley rtilley at ...3360...
Thu Jan 10 15:55:38 EST 2013


I'm parsing unified2 data files from snort 2.9.4 with a C++ program I wrote (just to refresh my memory of the format) and I was wondering how to make snort write a UNIFIED2_EXTRA_DATA entry. I've tried scanning with Nessus, nmap and Rapid7 (ipv4 and ipv6) but I'm still unable to get a unified2 header with a type of 110 written to the file. 

Thanks for any advice. All the other types I'm interested in (2, 104, 105) parse OK.

Brad

-- 

Brad Tilley
Virginia Tech IT Security
(540) 231-3133




More information about the Snort-devel mailing list