[Snort-devel] How to debugging on Snort?

İzzettin Erdem root.mch at gmail.com
Thu May 17 22:10:00 EDT 2018

Hello Everyone ,

I want to debug Snort but I didn't find something help me. Actually I want
to learn that: Packets come in to network and Snort catches them. After
that, Snort checks packets by rules. How can I see what Snort checks at a
time and output of this check process?

Example check process for packet P1;

Searching for :

output -> found or 1

continue to check packet p1:

content: "|02|"
offset: 33
depth: 45

output -> not found or 0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20180518/9f1b594e/attachment.html>

More information about the Snort-devel mailing list