[Snort-devel] snort SFSnortPacket header file to count TCP, ICMP and UDP packets

Steven Sturges steve.sturges at ...402...
Thu Jun 19 14:35:59 EDT 2014


The data you're looking for is within the SFSnortPacket struct...

typedef struct _SFSnortPacket
{
...
      const TCPHeader *tcp_header, *orig_tcp_header;
      const UDPHeader *udp_header, *orig_udp_header;
      const UDPHeader *inner_udph;   /* if Teredo + UDP, this will be the inner UDP header */
      const UDPHeader *outer_udph;   /* if Teredo + UDP, this will be the outer UDP header */
      const ICMPHeader *icmp_header, *orig_icmp_header;
...

On 6/19/14, 1:09 PM, Amtul Saboor wrote:
> Hello
>
> I am trying to make some changes in snort sample preprocessor dpx, I
> have read the following information from snort manual online:
>
>
>     4.1.4 SFSnortPacket
>
> The SFSnortPacket structure mirrors the snort Packet structure and
> provides access to all of the data contained in a given packet.
>
> It and the data structures it incorporates are defined in
> sf_snort_packet.h. Additional data structures may be defined to
> reference other protocol fields. Check the header file for the current
> definitions.
>
> Source: http://manual.snort.org/node38.html
>
> I want to output the average number of TCP SYN, UDP and ICMP packets
> received per second. I have gone through this file, sf_snort_packet.h,
> but I am unable to locate the exact data structure that deals with
> incoming TCP SYN, ICMP and UDP packets. I just need these 3 data
> structures to make the desired variation.
>
> Any one would be appreciated. Thanks
>
>
> Regards
> Amtul
>
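Added example, not part of the original thread and not Snort's own code: one way a preprocessor callback could use the header pointers named in the reply to count initial TCP SYNs, UDP and ICMP packets and average them per second. The struct definitions are minimal stand-ins for those in sf_snort_packet.h; the `flags` byte, `RateCounters`, `count_packet`, `per_second`, `TCP_SYN`/`TCP_ACK` and the `now_sec` timestamp argument are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stddef.h>

/* Stand-ins (assumptions) for the types in sf_snort_packet.h: only the
 * pointer members quoted in the reply are modelled, and the TCP "flags"
 * byte is assumed to carry the raw TCP flag bits. */
typedef struct { uint8_t flags; } TCPHeader;
typedef struct { uint8_t placeholder; } UDPHeader;
typedef struct { uint8_t placeholder; } ICMPHeader;
typedef struct {
    const TCPHeader  *tcp_header;
    const UDPHeader  *udp_header;
    const ICMPHeader *icmp_header;
} SFSnortPacket;

#define TCP_SYN 0x02   /* hypothetical names for the standard flag bits */
#define TCP_ACK 0x10

typedef struct {
    uint64_t syn, udp, icmp;      /* running totals */
    uint32_t first_sec, last_sec; /* observed time window, in seconds */
    int      seen;                /* non-zero once a packet was counted */
} RateCounters;

/* Call once per packet; now_sec is the packet timestamp in seconds. */
void count_packet(RateCounters *rc, const SFSnortPacket *p, uint32_t now_sec)
{
    if (!rc->seen) { rc->first_sec = now_sec; rc->seen = 1; }
    rc->last_sec = now_sec;
    /* Assumption: a header pointer is NULL when that protocol was not
     * decoded, so every pointer is checked before it is dereferenced. */
    if (p->tcp_header != NULL) {
        /* Initial SYN only: SYN set, ACK clear (skips SYN/ACK replies). */
        if ((p->tcp_header->flags & (TCP_SYN | TCP_ACK)) == TCP_SYN)
            rc->syn++;
    } else if (p->udp_header != NULL) {
        rc->udp++;
    } else if (p->icmp_header != NULL) {
        rc->icmp++;
    }
}

/* Average per second over the observed window, both end seconds included. */
double per_second(const RateCounters *rc, uint64_t total)
{
    if (!rc->seen) return 0.0;
    return (double)total / (double)(rc->last_sec - rc->first_sec + 1);
}
```
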
