[Snort-devel] Developing a TCP/IP connections statistics plugin
phuong.m.cao at ...2499...
Mon Oct 27 20:17:01 EDT 2014

I have some questions about building a TCP/IP connection
statistics plugin for Snort.

My TCP/IP connection statistics plugin collects statistics such as
the number of exchanged packets, packet sending rates, inter-packet
arrival time, and so on for a TCP/IP connection (which is a tuple of
src_ip:src_port and dst_ip:dst_port). I see that Snort already has a
performance counter for IP (function UpdateFlowIPStats() in the file
perf-flow.c). I am thinking of patching this file (that is, updating
the sfBTStats structure to support my statistics). Although patching
might work, I think a dynamic plugin is a better approach.

Is the proposed approach the right direction to go? I would appreciate any suggestions.