[Snort-devel] snort SFSnortPacket header file to count TCP, ICMP and UDP packets

Amtul Saboor saboor.amtul at ...2499...
Thu Jun 19 15:42:40 EDT 2014


Thank you Steven, I have looked at this, but can you guide me on how to
write a piece of code to know whether the incoming packet belongs to the
TCP, UDP or ICMP protocol.

Kind Regards


On Thu, Jun 19, 2014 at 11:35 PM, Steven Sturges <
steve.sturges at ...402...> wrote:

> The data you're looking for is within the SFSnortPacket struct...
>
> typedef struct _SFSnortPacket
> {
> ...
>      const TCPHeader *tcp_header, *orig_tcp_header;
>      const UDPHeader *udp_header, *orig_udp_header;
>      const UDPHeader *inner_udph;   /* if Teredo + UDP, this will be the inner UDP header */
>      const UDPHeader *outer_udph;   /* if Teredo + UDP, this will be the outer UDP header */
>      const ICMPHeader *icmp_header, *orig_icmp_header;
> ...
>
>
> On 6/19/14, 1:09 PM, Amtul Saboor wrote:
>
>> Hello
>>
>> I am trying to make some changes in the snort sample preprocessor dpx. I
>> have read the following information from the snort manual online:
>>
>>
>> 4.1.4 SFSnortPacket
>>
>> The SFSnortPacket structure mirrors the snort Packet structure and
>> provides access to all of the data contained in a given packet.
>>
>> It and the data structures it incorporates are defined in
>> sf_snort_packet.h. Additional data structures may be defined to
>> reference other protocol fields. Check the header file for the current
>> definitions.
>>
>> Source: http://manual.snort.org/node38.html
>>
>>
>> I want to output the average number of TCP SYN, UDP and ICMP packets
>> received per second. I have gone through this file sf_snort_packet.h, but
>> I am unable to locate the exact data structure that deals with incoming
>> TCP SYN, ICMP and UDP packets. I just need these 3 data structures to
>> make the desired variation.
>>
>> Any help would be appreciated. Thanks
>>
>>
>> Regards
>> Amtul
>>
>>
>>
>>
>>
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>> Archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>>
>> Please visit http://blog.snort.org for the latest news about Snort!
>>
>>


-- 
Amtul Saboor

MS (Information Security)

Military College of Signals, National University of Science & Technology,
Rawalpindi

Pakistan
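As an added example (not code from Steven's reply or from the Snort project), the following C routine does what the thread asks: it tells TCP, UDP and ICMP apart by checking which header pointer in SFSnortPacket the decoder filled in, counts pure SYNs separately, and computes an average per second. The pointer names come from the struct excerpt above; the stand-in struct definitions, the `flags` field name and the SYN/ACK bit values are assumptions that replace sf_snort_packet.h so the snippet compiles on its own.

```c
#include <stddef.h>
#include <stdint.h>
#include <time.h>
/* Stand-in definitions so this compiles without sf_snort_packet.h; a real
 * preprocessor includes that header instead. The pointer names below come
 * from Steven's reply; the flags field and SYN/ACK bit values are assumptions. */
typedef struct { uint8_t flags; } TCPHeader;
typedef struct { uint16_t len; } UDPHeader;
typedef struct { uint8_t type; } ICMPHeader;
typedef struct _SFSnortPacket {
    const TCPHeader  *tcp_header;
    const UDPHeader  *udp_header;
    const ICMPHeader *icmp_header;
} SFSnortPacket;
#define FLAG_SYN 0x02   /* assumed bit positions in the TCP flags byte */
#define FLAG_ACK 0x10
enum pkt_class { PKT_OTHER = 0, PKT_TCP_SYN, PKT_TCP_OTHER, PKT_UDP, PKT_ICMP };

/* The decoder sets exactly the header pointer matching the packet's
 * transport protocol, so a non-NULL pointer identifies it. A SYN without
 * ACK is a new connection attempt, which is what the poster wants to count. */
enum pkt_class classify_packet(const SFSnortPacket *p)
{
    if (p->tcp_header != NULL) {
        uint8_t f = p->tcp_header->flags;
        return ((f & FLAG_SYN) && !(f & FLAG_ACK)) ? PKT_TCP_SYN : PKT_TCP_OTHER;
    }
    if (p->udp_header != NULL)  return PKT_UDP;
    if (p->icmp_header != NULL) return PKT_ICMP;
    return PKT_OTHER;
}

/* Running totals since 'start'; one instance lives in the preprocessor. */
typedef struct { time_t start; unsigned long syn, udp, icmp; } proto_counts;

void proto_counts_add(proto_counts *pc, const SFSnortPacket *p)
{
    switch (classify_packet(p)) {
    case PKT_TCP_SYN: pc->syn++;  break;
    case PKT_UDP:     pc->udp++;  break;
    case PKT_ICMP:    pc->icmp++; break;
    default:          break;      /* other TCP segments, IP-only, etc. */
    }
}

/* Average packets per second since 'start'; clamps elapsed to 1 s so the
 * first second never divides by zero. */
double rate_per_second(unsigned long count, time_t start, time_t now)
{
    double elapsed = (double)(now - start);
    return (double)count / (elapsed < 1.0 ? 1.0 : elapsed);
}
```

Call proto_counts_add from the preprocessor's packet callback and rate_per_second from wherever the statistics are printed; the counters are not thread-safe by design, matching single-threaded Snort 2.x preprocessor execution.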