[Snort-devel] About README.UNSOCK

WangChuang chuck.wang at ...3451...
Fri Nov 15 02:23:03 EST 2013


Hi,
Thanks for your response. Actually I'd like to parse out the 5-tuple (src ip, src port, dest ip, dest port) plus the alert message from the Unix socket. I noticed that the Alertpkt struct has been redefined in Snort 2.9.5.5, because the new version of Snort uses DAQ, so there is a struct pcap_pkthdr32 pkth in it. What's more, the uint8_t pkt is [65535] in size now, whereas it is [1518] in the earlier version. Will those cause trouble when parsing the Unix socket output?
And I enclose the URL of my program parser.c here: https://drive.google.com/file/d/0B9ry03pvjujlSXFNbFh3NTJicFU/edit?usp=sharing
You need to run snort -A unsock first and then compile and run the parser. However, my program still cannot parse out the 5-tuple. I don't know why. It would be very kind if you guys could take a look. Thanks a lot.

--------------------------
Wang Chuang
Email:Chuck.Wang at ...3451...
Phone:+886-988492270
Address:R705, General Building II, National Tsing Hua University, 
No. 101, Section 2, Kuang-Fu Road, Hsinchu, Taiwan 30013, R.O.C.

Date: Thu, 14 Nov 2013 08:54:29 -0500
Subject: Re: [Snort-devel] About README.UNSOCK
From: bbantwal at ...402...
To: chuck.wang at ...3451...
CC: snort-devel at lists.sourceforge.net

Try ./src/snort.h

On Tue, Nov 12, 2013 at 5:11 AM, WangChuang <chuck.wang at ...3451...> wrote:




Hi there, 
In the README.UNSOCK, you give an example of using unsock, but I cannot find the snort.h file, and this caused a compile error

#include "snort.h"


Could you please help? Thanks.
--------------------------
Wang Chuang
Email:Chuck.Wang at ...3451...
Phone:+886-988492270

Address:R705, General Building II, National Tsing Hua University, 
No. 101, Section 2, Kuang-Fu Road, Hsinchu, Taiwan 30013, R.O.C. 		 	   		  
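
For the 5-tuple question at the top of this message, an added example (not code from this thread, from parser.c, or from Snort itself) that pulls addresses and ports out of one Alertpkt datagram using the nethdr and transhdr offsets, rejecting a datagram whose size does not match the struct. The struct below is an assumed mirror of the 2.9.x layout; `struct tv32`, `struct pkthdr32`, `struct event`, `FiveTuple`, `be`, `alert_five_tuple` and `build_sample` are hypothetical names, and only IPv4 with TCP or UDP is handled.

```c
#include <stdint.h>
#include <string.h>

/* Assumed mirror of Snort 2.9.x Alertpkt (spo_alert_unixsock.h); check it
   against the headers of the Snort build that writes the socket. */
#define ALERTMSG_LENGTH 256
#define SNAPLEN 65535           /* pkt[] size; 1518 in older releases */
#define NOPACKET_STRUCT 0x1     /* val flag: alert carried no packet */
#define NO_TRANSHDR 0x2         /* val flag: no transport header */
struct tv32 { uint32_t sec, usec; };
struct pkthdr32 { struct tv32 ts; uint32_t caplen, len; };
struct event { uint32_t gid, sid, rev, cls, prio, id, ref; struct tv32 ref_time; };
typedef struct {
    uint8_t alertmsg[ALERTMSG_LENGTH];
    struct pkthdr32 pkth;
    uint32_t dlthdr, nethdr, transhdr, data, val; /* offsets into pkt[], then flags */
    uint8_t pkt[SNAPLEN];
    struct event event;
} Alertpkt;
typedef struct { uint32_t sip, dip; uint16_t sport, dport; uint8_t proto; } FiveTuple;

/* Read an n-byte big-endian integer. */
static uint32_t be(const uint8_t *p, int n) { uint32_t v = 0; while (n--) v = (v << 8) | *p++; return v; }

/* Fill *t (host byte order) from one datagram of `got` bytes; -1 = do not trust it. */
int alert_five_tuple(const Alertpkt *a, size_t got, FiveTuple *t)
{
    uint32_t cap, n, th;
    if (got != sizeof *a || (a->val & NOPACKET_STRUCT)) return -1; /* layout mismatch or no packet */
    cap = a->pkth.caplen; n = a->nethdr; th = a->transhdr;
    if (cap > SNAPLEN || n > cap || cap - n < 20 || (a->pkt[n] >> 4) != 4) return -1; /* IPv4 only */
    t->proto = a->pkt[n + 9]; t->sport = t->dport = 0;
    t->sip = be(a->pkt + n + 12, 4); t->dip = be(a->pkt + n + 16, 4);
    if ((a->val & NO_TRANSHDR) || (t->proto != 6 && t->proto != 17)) return 0; /* no ports */
    if (th < n + 20 || th > cap || cap - th < 4) return -1; /* offset outside captured bytes */
    t->sport = (uint16_t)be(a->pkt + th, 2); t->dport = (uint16_t)be(a->pkt + th + 2, 2);
    return 0;
}

/* Constructed sample: Ethernet + IPv4 + TCP, 192.0.2.10:40000 -> 198.51.100.7:80. */
void build_sample(Alertpkt *a)
{
    static const uint8_t ip_tcp[] = { 0x45,0,0,40, 0,0,0,0, 64,6,0,0,
                                      192,0,2,10, 198,51,100,7, 0x9c,0x40, 0,80 };
    memset(a, 0, sizeof *a);
    strcpy((char *)a->alertmsg, "constructed test alert");
    memcpy(a->pkt + 14, ip_tcp, sizeof ip_tcp);
    a->nethdr = 14; a->transhdr = 34; a->pkth.caplen = a->pkth.len = 54;
}
```

In a live reader, pass the byte count returned by recv() on the Snort socket as `got`; a reader built against an Alertpkt definition of a different size than the sending Snort is then rejected by the size check.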
