[Snort-devel] Graph based IDS

Florian Klickermann florian.klickermann at ...2499...
Fri May 10 04:53:03 EDT 2013


Hi,
I'm a new user of Snort and I want to develop a graph-based IDS module for
it. This graph-based module should use the sniffed TCP/IP connections from
Snort to check if the connection is new or not.
Therefore I need a Snort specification document, but I can't find it.
I need the following information for my project:
- Which variable saves the IP address or can I create a rule which sends
all IP connections to a file or a variable?
- Through which API can I include my new module?
- Do I need a new preprocessor for my project?
Thanks in advance!