[Snort-devel] How to debugging on Snort?

Russ rucombs at cisco.com
Fri May 18 02:06:26 EDT 2018


Snort 3 provides a trace facility that will output info for each step of 
signature evaluation (upon fast pattern match).  Check the "Module 
Trace" section (5.10.1) in the user manual.

On 5/17/18 10:10 PM, İzzettin Erdem via Snort-devel wrote:
> Hello everyone,
>
> I want to debug Snort but I didn't find anything to help me. Actually I 
> want to learn this: Packets come in to the network and Snort catches them. 
> After that, Snort checks packets by rules. How can I see what Snort 
> checks at a time and the output of this check process?
>
> Example check process for packet P1;
>
> Searching for:
> content:"sa"
> offset:5
> depth:10
>
> output -> found or 1
>
> continue to check packet p1:
>
> content: "|02|"
> offset: 33
> depth: 45
> .
> .
> .
>
> output -> not found or 0
>
>

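The per-option output the question asks for can be sketched with a small model, added here as an example; it is not Snort code and not the format of Snort 3's trace output. It assumes only absolute `content`/`offset`/`depth` options (no fast-pattern stage, no relative modifiers), and the payload is constructed.

```python
def parse_content(spec):
    """Turn Snort content syntax ('sa', '|02|', 'a|0d 0a|b') into raw bytes."""
    out = bytearray()
    # Text between pipe characters is hex; everything else is literal.
    for i, part in enumerate(spec.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def eval_rule(payload, options):
    """Check each content option in order and stop at the first miss.

    Returns (matched, trace); trace has one line per option evaluated.
    """
    trace = []
    for opt in options:
        pattern = parse_content(opt["content"])
        start = opt.get("offset", 0)
        # depth is counted from the offset, so the window is [start, start + depth).
        end = len(payload)
        if "depth" in opt:
            end = min(end, start + opt["depth"])
        pos = payload.find(pattern, start, end)
        result = f"found at byte {pos}" if pos >= 0 else "not found"
        trace.append(f"content:{opt['content']!r} window=[{start},{end}) -> {result}")
        if pos < 0:
            return False, trace
    return True, trace


# Constructed sample data: the two checks from the question, one made-up payload.
RULE = [
    {"content": "sa", "offset": 5, "depth": 10},
    {"content": "|02|", "offset": 33, "depth": 45},
]
PAYLOAD = b"LOGINsa" + bytes(40)  # 47 bytes, no 0x02 anywhere

if __name__ == "__main__":
    matched, trace = eval_rule(PAYLOAD, RULE)
    print("\n".join(trace))
    print("rule matched:", matched)
```
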