[Snort-devel] How to debugging on Snort?

James sjamek at gmail.com
Fri May 18 01:38:31 EDT 2018


Please unsubscribe


On Fri, 18 May 2018 at 05:17 Al Lewis (allewi) via Snort-devel <
snort-devel at lists.snort.org> wrote:

> Hello,
>
> To debug… use GDB.
>
> https://www.gnu.org/software/gdb/
>
> *Albert Lewis*
> ENGINEER.SOFTWARE ENGINEERING
> Cisco Systems Inc.
> Email: allewi at cisco.com
>
> *From: *Snort-devel <snort-devel-bounces at lists.snort.org> on behalf of
> İzzettin Erdem via Snort-devel <snort-devel at lists.snort.org>
> *Reply-To: *İzzettin Erdem <root.mch at gmail.com>
> *Date: *Thursday, May 17, 2018 at 10:11 PM
> *To: *"snort-devel at lists.snort.org" <snort-devel at lists.snort.org>
> *Subject: *[Snort-devel] How to debugging on Snort?
>
> Hello everyone,
>
> I want to debug Snort, but I didn't find anything to help me. Actually, I want
> to learn this: packets come into the network and Snort catches them. After
> that, Snort checks the packets by the rules. How can I see what Snort checks at
> a given time, and the output of this check process?
>
> Example check process for packet P1:
>
> Searching for:
>
>    content:"sa"
>    offset:5
>    depth:10
>
> output -> found or 1
>
> Continue to check packet P1:
>
>    content: "|02|"
>    offset: 33
>    depth: 45
>    .
>    .
>    .
>
> output -> not found or 0
>
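
A small offline model of the check sequence described in the question, added here as an example (it is not Snort code and not from anyone in this thread): each `content` option is searched only inside the window that starts at `offset` and spans `depth` bytes, and the model stops at the first option that misses. The function names and the sample payload are constructed for illustration; modifiers such as `nocase`, `distance` and `within` are not modelled.

```python
def parse_content(spec: str) -> bytes:
    """Decode a Snort content string: literal text with |hex bytes| sections."""
    out = bytearray()
    # After splitting on '|', odd-indexed pieces are the hex sections.
    for i, part in enumerate(spec.split("|")):
        if i % 2:
            out += bytes.fromhex(part)      # spaces between hex pairs are ignored
        else:
            out += part.encode("latin-1")
    return bytes(out)


def trace_rule(payload: bytes, options):
    """Evaluate (content, offset, depth) options in order, stopping at a miss.

    Returns one tuple per evaluated option:
    (content, window_start, window_end, absolute_match_position_or_None).
    """
    trace = []
    for content, offset, depth in options:
        pattern = parse_content(content)
        window = payload[offset:offset + depth]   # only these bytes are searched
        pos = window.find(pattern)
        hit = None if pos < 0 else offset + pos
        trace.append((content, offset, min(offset + depth, len(payload)), hit))
        if hit is None:
            break                                 # every option must match
    return trace


# Constructed sample payload (47 bytes). It holds a 0x02 byte at index 20,
# which lies outside the second option's search window.
PAYLOAD = b"HELO sample" + b"\x00" * 9 + b"\x02" + b"\x00" * 19 + b"\x01\x03 tail"

# The two checks from the question, as (content, offset, depth).
RULE = [("sa", 5, 10), ("|02|", 33, 45)]

if __name__ == "__main__":
    for content, start, end, hit in trace_rule(PAYLOAD, RULE):
        result = f"found at byte {hit} -> 1" if hit is not None else "not found -> 0"
        print(f"content:{content!r} window=[{start}:{end}) {result}")
```
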
