[Snort-devel] How snort rules are used

Russ Combs rcombs at ...402...
Wed Jul 3 12:22:34 EDT 2013


Snort is a little too monolithic to make that a simple task.  Which
dependencies are trouble on Android?

On Wed, Jun 26, 2013 at 10:24 AM, Raphael Wutzke <
raphael.wutzke at ...3409...> wrote:

> Hey folks,
>
> I have got a question concerning snort rules being applied. The
> documentation is not very clear on discussing the data flow. So I wanted
> to know basically, whether it is possible to extract a subsystem
> (without too much difficulty) from the snort source code which would
> function as follows:
> 2 inputs, one being a file containing the rules and the other one a
> packet or even better a packet stream, file, whatever
> output being whether any of the given rules applies to the packet(s).
>
> What I want to do is having generated some snort rules I want to check
> easily on Android OS whether a packet applies to a rule. Since snort
> does not run natively on Android and the depending libraries are not
> available for Android either (and manually porting them is not feasible
> easily for all of them) I wanted to extract the specific part of Snort
> which I really need to have, which I hope is possible since I don't
> quite know what the data flow in snort is.
>
> Please bear with me if I totally got it wrong!
>
> Thanks in advance,
> Raphael