[Snort-devel] How to debugging on Snort?

Joel Esler (jesler) jesler at cisco.com
Fri May 18 11:13:19 EDT 2018


Thank you for writing in.

Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-devel


Thanks!

On May 18, 2018, at 1:38 AM, James via Snort-devel <snort-devel at lists.snort.org<mailto:snort-devel at lists.snort.org>> wrote:



Please unsubscribe


On Fri, 18 May 2018 at 05:17 Al Lewis (allewi) via Snort-devel <snort-devel at lists.snort.org<mailto:snort-devel at lists.snort.org>> wrote:
Hello,

     To debug…  use GDB.

https://www.gnu.org/software/gdb/


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi at cisco.com<mailto:allewi at cisco.com>

From: Snort-devel <snort-devel-bounces at lists.snort.org<mailto:snort-devel-bounces at lists.snort.org>> on behalf of İzzettin Erdem via Snort-devel <snort-devel at lists.snort.org<mailto:snort-devel at lists.snort.org>>
Reply-To: İzzettin Erdem <root.mch at gmail.com<mailto:root.mch at gmail.com>>
Date: Thursday, May 17, 2018 at 10:11 PM
To: "snort-devel at lists.snort.org<mailto:snort-devel at lists.snort.org>" <snort-devel at lists.snort.org<mailto:snort-devel at lists.snort.org>>
Subject: [Snort-devel] How to debugging on Snort?

Hello Everyone ,

I want to debug Snort but I didn't find something help me. Actually I want to learn that: Packets come in to network and Snort catches them. After that, Snort checks packets by rules. How can I see what Snort checks at a time and output of this check process?

Example check process for packet P1;

Searching for :
   content:"sa"
   offset:5
depth:10

output -> found or 1

continue to check packet p1:

content: "|02|"
offset: 33
depth: 45
.
.
.

output -> not found or 0
_______________________________________________
Snort-devel mailing list
Snort-devel at lists.snort.org<mailto:Snort-devel at lists.snort.org>
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org<http://blog.snort.org/> for the latest news about Snort!
_______________________________________________
Snort-devel mailing list
Snort-devel at lists.snort.org<mailto:Snort-devel at lists.snort.org>
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20180518/33db08f8/attachment.html>


More information about the Snort-devel mailing list