[Snort-devel] Writing normalizer for snort
highend at ...3447...
Mon Nov 11 14:50:05 EST 2013
I'm a computer science student and for my bachelor thesis I need to implement BACnet/IP (UDP) support in
snort. Means to write a normalizer for the BACnet/IP network and application layers (w/o the rules).
As snort is all new to me it would be of great help if anyone could give me a short overview on how the normalizer code works and which parts of the source code would be involved in implementing BACnet/IP support.
I'm not really a professional C programmer therefor extracting these informations from the code is a bit of a hassle for me.
Also any links to more specific documentation than the README files and the user manual are welcome.
Thx in advance.
More information about the Snort-devel