[Snort-devel] Dynamic Preprocessor not capturing any packet

Big Whale d0lph1n98 at ...398...
Wed Jul 8 09:54:27 EDT 2015


I think the preprocessor is loaded correctly; it even parses the configuration parameter correctly. It's just not capturing any packets. I have made a little modification to ModSecProcess(): if the source port/destination port is equal to port 80, then alert something. Basically, it's simple but practically hard, or maybe my code is problematic somewhere.
 


     On Wednesday, July 8, 2015 9:01 PM, Hui cao <huica at ...3461...> wrote:
   

  You can step through your code to figure out why. Is SetupModSec called? Is ModSecInit called? Is ModSecProcess called? You can check how the SSH preprocessor works, because it is very simple.
 
 Best,
 Hui.
 
 On 07/07/2015 09:46 PM, Big Whale wrote:
  
 
 Hello all, 
  My preprocessor is not capturing any packets, even though I have defined that if the source port is equal to a specific port then the alert will be triggered with that preprocessor signature. However, everything seems not to be working like I wanted. Here is the link to my code --> https://github.com/d0lph1n98/Snort-ModSec-CRS-Parser
  
   
  
 ------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/ 
  
 _______________________________________________
Snort-devel mailing list
Snort-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort! 
 