[Snort-devel] snort SFSnortPacket header file to count TCP, ICMP and UDP packets
saboor.amtul at ...2499...
Thu Jun 19 15:42:40 EDT 2014
Thank you Steven, I have looked at this but can you guide me about how to
write a piece of code for knowing whether the incoming packet belongs to
TCP, UDP or ICMP protocol.
On Thu, Jun 19, 2014 at 11:35 PM, Steven Sturges <
steve.sturges at ...402...> wrote:
> The data you're looking for is within the SFSnortPacket struct...
> typedef struct _SFSnortPacket
> const TCPHeader *tcp_header, *orig_tcp_header;
> const UDPHeader *udp_header, *orig_udp_header;
> const UDPHeader *inner_udph; /* if Teredo + UDP, this will be the
> inner UDP header */
> const UDPHeader *outer_udph; /* if Teredo + UDP, this will be the
> outer UDP header */
> const ICMPHeader *icmp_header, *orig_icmp_header;
> On 6/19/14, 1:09 PM, Amtul Saboor wrote:
>> I am trying to make some changes in snort sample preprocessor dpx, I
>> have read the following information from snort manual online:
>> /4.1.4 SFSnortPacket/
>> /*The SFSnortPacket structure mirrors the snort Packet structure and
>> provides access to all of the data contained in a given packet.*/
>> /*It and the data structures it incorporates are defined in
>> sf_snort_packet.h. Additional data structures may be defined to
>> reference other protocol fields. Check the header file for the current
>> _Source: http://manual.snort.org/node38.html
>> I want to output the average number of TCP SYN, UDP and ICMP packets
>> received per second. I have gone through this file, sf_snort_packet.h, but
>> I am unable to
>> locate the exact data structure that deals with incoming TCP SYN, ICMP
>> and UDP packets. I just need these 3 data structures to make the desired
>> Any one would be appreciated. Thanks
*MS (Information Security)*
*Military College of Signals, National University of Science & Technology,
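
Added example, not part of the original thread and not code from Snort or its sample dpx preprocessor: one way to classify a packet by testing the tcp_header, udp_header and icmp_header pointers quoted above, and to keep per-second averages. Assumptions: the stand-in struct definitions (the real ones are in sf_snort_packet.h), the `flags` member, a header pointer being NULL when the packet has no such layer, the timestamp passed in as seconds, and the hypothetical names ProtoStats, proto_stats_update and proto_rate.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in types so the example compiles alone. Only the three pointer
 * names come from the struct quoted in the thread; the real definitions
 * are in sf_snort_packet.h. The `flags` member is an assumption. */
typedef struct { uint8_t flags; } TCPHeader;
typedef struct { uint16_t length; } UDPHeader;
typedef struct { uint8_t type; } ICMPHeader;
typedef struct {
    const TCPHeader  *tcp_header;
    const UDPHeader  *udp_header;
    const ICMPHeader *icmp_header;
} SFSnortPacket;

#define TCP_FLAG_SYN 0x02u  /* SYN bit of the TCP flags byte */
#define TCP_FLAG_ACK 0x10u  /* ACK bit of the TCP flags byte */

typedef struct {
    uint64_t tcp_syn, udp, icmp;  /* packets counted per class */
    double first_ts, last_ts;     /* time of first/last packet, seconds */
    int seen;                     /* non-zero once first_ts is set */
} ProtoStats;

/* Classify one decoded packet. Assumes a header pointer is NULL when the
 * packet has no such layer, so a non-NULL pointer identifies the protocol. */
void proto_stats_update(ProtoStats *s, const SFSnortPacket *p, double ts)
{
    if (s == NULL || p == NULL) return;
    if (!s->seen) { s->first_ts = ts; s->seen = 1; }
    s->last_ts = ts;

    if (p->tcp_header != NULL) {
        /* Count connection attempts only: SYN set and ACK clear. */
        uint8_t f = p->tcp_header->flags & (TCP_FLAG_SYN | TCP_FLAG_ACK);
        if (f == TCP_FLAG_SYN) s->tcp_syn++;
    } else if (p->udp_header != NULL) {
        s->udp++;
    } else if (p->icmp_header != NULL) {
        s->icmp++;
    }
}

/* Average packets per second over the observed span; 0 for an empty span. */
double proto_rate(uint64_t count, const ProtoStats *s)
{
    double span = s->last_ts - s->first_ts;
    return span > 0.0 ? (double)count / span : 0.0;
}
```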