[Snort-devel] Writing normalizer for snort

Harry Härpfer highend at ...3447...
Mon Nov 11 14:50:05 EST 2013


I'm a computer science student and for my bachelor thesis I need to implement BACnet/IP (UDP) support in 
snort. Means to write a normalizer for the BACnet/IP network and application layers (w/o the rules). 

As snort is all new to me it would be of great help if anyone could give me a short overview on how the normalizer code works and which parts of the source code would be involved in implementing BACnet/IP support.

I'm not really a professional C programmer therefor extracting these informations from the code is a bit of a hassle for me.

Also any links to more specific documentation than the README files and the user manual are welcome.

Thx in advance.

More information about the Snort-devel mailing list