[Snort-devel] snort SFSnortPacket header file to count TCP, ICMP and UDP packets

Steven Sturges steve.sturges at ...402...
Thu Jun 19 15:48:53 EDT 2014


If one of those pointers is set...

On 6/19/14, 3:42 PM, Amtul Saboor wrote:
> Thank you Steven , I have looked at this but can you guide me about how
> to write a piece of code for knowing whether the incoming packet belongs
> to TCP , UDP or ICMP protocol .
>
> Kind Regards
>
>
> On Thu, Jun 19, 2014 at 11:35 PM, Steven Sturges
> <steve.sturges at ...402... <mailto:steve.sturges at ...402...>> wrote:
>
>     The data you're looking for is within the SFSnortPacket struct...
>
>     typedef struct _SFSnortPacket
>     {
>     ...
>           const TCPHeader *tcp_header, *orig_tcp_header;
>           const UDPHeader *udp_header, *orig_udp_header;
>           const UDPHeader *inner_udph;   /* if Teredo + UDP, this will be the inner UDP header */
>           const UDPHeader *outer_udph;   /* if Teredo + UDP, this will be the outer UDP header */
>           const ICMPHeader *icmp_header, *orig_icmp_header;
>     ...
>
>
>     On 6/19/14, 1:09 PM, Amtul Saboor wrote:
>
>         Hello
>
>         I am trying to make some changes in the Snort sample preprocessor
>         dpx; I have read the following information in the Snort manual online:
>
>
>              4.1.4 SFSnortPacket
>
>         The SFSnortPacket structure mirrors the snort Packet structure and
>         provides access to all of the data contained in a given packet.
>
>         It and the data structures it incorporates are defined in
>         sf_snort_packet.h. Additional data structures may be defined to
>         reference other protocol fields. Check the header file for the
>         current definitions.
>
>         Source: http://manual.snort.org/node38.html
>
>
>         I want to output the average number of TCP SYN, UDP and ICMP
>         packets received per second. I have gone through this file
>         sf_snort_packet.h, but I am unable to locate the exact data
>         structure that deals with incoming TCP SYN, ICMP and UDP packets.
>         I just need these 3 data structures to make the desired variation.
>
>         Any help would be appreciated. Thanks
>
>
>         Regards
>         Amtul
>
>
>
>
>         _______________________________________________
>         Snort-devel mailing list
>         Snort-devel at ...3236...
>         https://lists.sourceforge.net/lists/listinfo/snort-devel
>         Archive:
>         http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
>         Please visit http://blog.snort.org for the latest news about Snort!
>
>
>
>
> --
> Amtul Saboor
> MS (Information Security)
> Military College of Signals, National University of Science &
> Technology, Rawalpindi
> Pakistan
>
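As an added illustration of the approach Steven points at (decide the protocol by which header pointer is set), here is a self-contained C sketch that is not Snort code and was not posted by anyone on this thread. The struct and header types are minimal stand-ins that only reuse the field names quoted above (tcp_header, udp_header, icmp_header); a real dpx preprocessor would include sf_snort_packet.h and use its real types instead. The ts_sec field (standing in for the packet's capture timestamp), the "SYN set and ACK clear" rule for what counts as a SYN, and averaging over the observed time window are this example's own assumptions; the TCP flag bit values follow RFC 793.

```c
/* Added example, not from Snort or the thread: classify a packet by which
 * transport-header pointer is non-NULL, count TCP SYN / UDP / ICMP packets
 * and report per-second averages. Stand-in types below mirror the field
 * names quoted from sf_snort_packet.h; they are NOT the real definitions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* TCP flag bit positions per RFC 793. */
#define TCP_FLAG_SYN 0x02
#define TCP_FLAG_ACK 0x10

/* Stand-in header layouts; only the fields this example reads. */
typedef struct { uint8_t flags; } TCPHeader;
typedef struct { uint16_t length; } UDPHeader;
typedef struct { uint8_t type; } ICMPHeader;

/* Stand-in for SFSnortPacket: for a decoded TCP/UDP/ICMP packet exactly one
 * header pointer is set; ts_sec is an assumed capture time in seconds. */
typedef struct {
    const TCPHeader  *tcp_header;
    const UDPHeader  *udp_header;
    const ICMPHeader *icmp_header;
    time_t            ts_sec;
} SFSnortPacket;

typedef enum { PKT_OTHER, PKT_TCP_SYN, PKT_TCP_OTHER, PKT_UDP, PKT_ICMP } PktClass;

/* Counters a (hypothetical) preprocessor would keep across packets. */
typedef struct {
    uint64_t syn, udp, icmp;
    time_t   first_ts, last_ts;
    int      seen_any;
} ProtoCounters;

/* Protocol is whichever pointer is set. A TCP packet is a SYN only if SYN is
 * set and ACK is clear, so SYN/ACK replies are not counted as new attempts. */
PktClass classify_packet(const SFSnortPacket *p)
{
    if (p->tcp_header != NULL) {
        uint8_t f = p->tcp_header->flags;
        return ((f & TCP_FLAG_SYN) && !(f & TCP_FLAG_ACK)) ? PKT_TCP_SYN
                                                           : PKT_TCP_OTHER;
    }
    if (p->udp_header != NULL)  return PKT_UDP;
    if (p->icmp_header != NULL) return PKT_ICMP;
    return PKT_OTHER;
}

/* Per-packet hook: bump the matching counter and track the time window. */
void counters_update(ProtoCounters *c, const SFSnortPacket *p)
{
    switch (classify_packet(p)) {
    case PKT_TCP_SYN: c->syn++;  break;
    case PKT_UDP:     c->udp++;  break;
    case PKT_ICMP:    c->icmp++; break;
    default:          break;
    }
    if (!c->seen_any) { c->first_ts = p->ts_sec; c->seen_any = 1; }
    c->last_ts = p->ts_sec;
}

/* Average over the observed window; a window under one second is treated
 * as one second so a single-packet run never divides by zero. */
double per_second(uint64_t count, const ProtoCounters *c)
{
    time_t span = c->last_ts - c->first_ts;
    if (span < 1) span = 1;
    return (double)count / (double)span;
}

/* Constructed sample traffic (not a real capture): 3 SYN, 1 SYN/ACK, 4 UDP,
 * 2 ICMP across a 2-second window. Returns the rate for the requested class. */
double demo_rate(PktClass which)
{
    TCPHeader syn = { TCP_FLAG_SYN }, synack = { TCP_FLAG_SYN | TCP_FLAG_ACK };
    UDPHeader udp = { 8 };
    ICMPHeader echo = { 8 };
    SFSnortPacket pkts[] = {
        { &syn, NULL, NULL, 1000 }, { &syn, NULL, NULL, 1000 },
        { &synack, NULL, NULL, 1000 }, { NULL, &udp, NULL, 1001 },
        { NULL, &udp, NULL, 1001 }, { NULL, NULL, &echo, 1001 },
        { NULL, &udp, NULL, 1002 }, { &syn, NULL, NULL, 1002 },
        { NULL, &udp, NULL, 1002 }, { NULL, NULL, &echo, 1002 },
    };
    ProtoCounters c;
    memset(&c, 0, sizeof c);
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
        counters_update(&c, &pkts[i]);
    switch (which) {
    case PKT_TCP_SYN: return per_second(c.syn, &c);
    case PKT_UDP:     return per_second(c.udp, &c);
    case PKT_ICMP:    return per_second(c.icmp, &c);
    default:          return 0.0;
    }
}

int main(void)
{
    printf("syn/s=%.2f udp/s=%.2f icmp/s=%.2f\n", demo_rate(PKT_TCP_SYN),
           demo_rate(PKT_UDP), demo_rate(PKT_ICMP));
    return 0;
}
```

In a real preprocessor the classification and counter update would run from the per-packet callback, with the timestamp taken from the packet's capture header rather than the stand-in ts_sec field; the SYN/ACK exclusion is the one detail that most often trips up a first attempt at a "SYN rate" metric.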
