[Snort-devel] How to debugging on Snort?

Al Lewis (allewi) allewi at cisco.com
Thu May 17 22:14:40 EDT 2018


Hello,

     To debug…  use GDB.

https://www.gnu.org/software/gdb/


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi at cisco.com

From: Snort-devel <snort-devel-bounces at lists.snort.org> on behalf of İzzettin Erdem via Snort-devel <snort-devel at lists.snort.org>
Reply-To: İzzettin Erdem <root.mch at gmail.com>
Date: Thursday, May 17, 2018 at 10:11 PM
To: "snort-devel at lists.snort.org" <snort-devel at lists.snort.org>
Subject: [Snort-devel] How to debugging on Snort?

Hello everyone,

I want to debug Snort, but I didn't find anything to help me. Actually, I want to learn this: packets come into the network and Snort catches them. After that, Snort checks the packets against the rules. How can I see what Snort checks at a given time, and the output of this check process?

Example check process for packet P1;

Searching for :
   content:"sa"
   offset:5
   depth:10

output -> found or 1

continue to check packet p1:

content: "|02|"
offset: 33
depth: 45
.
.
.

output -> not found or 0
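
Added example, not part of the original messages and not Snort's own code: a small Python trace of the two checks in the question, run over a constructed payload and printing found/not found per option. It assumes non-relative content options where depth is counted from offset (search window is bytes offset .. offset+depth-1); the function names and the payload are hypothetical.

```python
def parse_content(spec):
    """Turn Snort content syntax ('sa', '|02|', 'a|0D 0A|b') into raw bytes."""
    parts = spec.split("|")
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced '|' in content: %r" % spec)
    out = bytearray()
    for i, part in enumerate(parts):
        # Even segments are literal text, odd segments are hex between pipes.
        out += part.encode("latin-1") if i % 2 == 0 else bytes.fromhex(part)
    return bytes(out)


def check_content(payload, spec, offset=0, depth=None):
    """Return the absolute match position, or None if not found in the window."""
    pattern = parse_content(spec)
    end = len(payload) if depth is None else min(len(payload), offset + depth)
    # The whole pattern must lie inside [offset, end).
    pos = payload.find(pattern, offset, end)
    return pos if pos >= 0 else None


def trace_rule(payload, options):
    """Evaluate options in order; stop at the first miss (all options must match)."""
    results = []
    for spec, offset, depth in options:
        pos = check_content(payload, spec, offset, depth)
        results.append((spec, offset, depth, pos))
        if pos is None:
            break
    return results


# Constructed payload: "sa" sits at byte 5, a lone 0x02 at byte 20.
PAYLOAD = b"USER sam\r\n" + b"\x00" * 10 + b"\x02" + b"\x00" * 29
# The two checks from the question above.
OPTIONS = [("sa", 5, 10), ("|02|", 33, 45)]

if __name__ == "__main__":
    for spec, offset, depth, pos in trace_rule(PAYLOAD, OPTIONS):
        verdict = "found at byte %d (1)" % pos if pos is not None else "not found (0)"
        print("content:%r offset:%d depth:%d -> %s" % (spec, offset, depth, verdict))
```

The 0x02 at byte 20 is deliberately outside the second window, so the trace shows how offset excludes a byte that an unbounded search would have matched.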