[Snort-sigs] i've recieved your help
mkettler at ...189...
Wed Jul 30 10:38:17 EDT 2003
It should be noted that in general posting anything but plain-text to the
snort-* groups is frowned upon. Many of the subscribers read these groups
in pure-text mode in a unix shell account.
That said, I'm not sure what you mean by "network processor" here, so I'm
drawing a total blank on the details of what you'd like to do.
In general with some effort you could adapt snort to a lot of things.. I
don't see an technical reasons why you couldn't adapt snort to gather input
from something other than pcap. It might be a fair amount of work to do it,
but I'd expect that most of the code was just dealing with data packets and
wouldn't really know exactly where they came from.
You might also want to read the license that's included with snort if you
are planning on making a modified version.
At 06:07 PM 7/30/2003 +0800, qkhou wrote:
> i'll extraordinarily appreciate you for all your help.Especially
> Matt Ketter & jeremica.
> it's a pity that there are little relative books on sale,i can not
> make it more clear.
> i wanna know whether snort can be reworked into a new form the
> capture process is implemented via the network processor, then the
> analysis process by snort.
More information about the Snort-sigs