[Snort-sigs] i've recieved your help

Matt Kettler mkettler at ...189...
Wed Jul 30 10:38:17 EDT 2003


It should be noted that in general posting anything but plain-text to the 
snort-* groups is frowned upon. Many of the subscribers read these groups 
in pure-text mode in a unix shell account.

That said, I'm not sure what you mean by "network processor" here, so I'm 
drawing a total blank on the details of what you'd like to do.

In general with some effort you could adapt snort to a lot of things.. I 
don't see an technical reasons why you couldn't adapt snort to gather input 
from something other than pcap. It might be a fair amount of work to do it, 
but I'd expect that most of the code was just dealing with data packets and 
wouldn't really know exactly where they came from.

You might also want to read the license that's included with snort if you 
are planning on making a modified version.



At 06:07 PM 7/30/2003 +0800, qkhou wrote:
>hi,all
>     i'll extraordinarily appreciate you  for all your help.Especially 
> Matt Ketter & jeremica.
>     it's a pity that there are little relative books on sale,i can not 
> make it more clear.
>     And
>     i wanna know whether snort can be reworked into a new form the 
> capture process is implemented via the network processor, then the 
> analysis process by snort.
>
>





More information about the Snort-sigs mailing list