[Snort-users] Again snort and unixsocket

TSauter at ...158... TSauter at ...158...
Sun Nov 25 13:48:02 EST 2001


Hello snort-users,

First, thanks for all replies to my previous post. After some problems and
manuals,
I now have the following code:

<snip>
	Alertpkt alert;
	while((connfd = recvfrom(sockfd, &alert, sizeof(alert), 0,
		(struct sockaddr *) &adresse, (socklen_t *) &adrlen)) > 0)
	{
		Packet *p;
		p = (void *)&alert.pkt;

		printf("%s [%d]\n", alert.alertmsg, alert.event.event_id);
		printf("%d->%d\n", p->sp, p->dp);
		fflush(NULL);
	}
</snip>

With this code snippet I get only the Snort alert message, but no packet
info such as IP addresses or ports. I think all the info should be stored in
"alert.pkt", which is simply a pointer to a Packet structure (decode.h). But how can I
use this info in my program?

The code below works, but the pkt structure seems to be empty.

Where is my mistake?
Any hints?

Thanks
Thorsten

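An added example, not part of the original post and not Snort code: a bounds-checked way to pull addresses and ports out of an alert datagram, assuming the packet field holds raw captured frame bytes alongside header offsets rather than a decoded Packet. The `demo_alert` layout, its field names and the sample frame are hypothetical stand-ins constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for the alert datagram (an assumption, not Snort's
 * struct): raw captured bytes plus offsets to the headers inside them. */
struct demo_alert {
    uint32_t caplen;    /* bytes of pkt[] actually captured */
    uint32_t nethdr;    /* offset of the IPv4 header in pkt[] */
    uint32_t transhdr;  /* offset of the TCP/UDP header in pkt[] */
    uint8_t  pkt[128];  /* raw frame bytes, not a decoded structure */
};
struct demo_flow { char src[16], dst[16]; uint16_t sp, dp; uint8_t proto; };

/* Returns 0 on success, -1 if an offset points outside the captured bytes. */
int demo_extract_flow(const struct demo_alert *a, struct demo_flow *f)
{
    if (a->caplen > sizeof a->pkt || a->nethdr > a->caplen ||
        a->caplen - a->nethdr < 20)          /* need a minimal IPv4 header */
        return -1;
    const uint8_t *ip = a->pkt + a->nethdr;
    uint32_t ihl = (ip[0] & 0x0fu) * 4u;     /* header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20)
        return -1;
    f->proto = ip[9];
    snprintf(f->src, sizeof f->src, "%d.%d.%d.%d", ip[12], ip[13], ip[14], ip[15]);
    snprintf(f->dst, sizeof f->dst, "%d.%d.%d.%d", ip[16], ip[17], ip[18], ip[19]);
    f->sp = f->dp = 0;
    if (f->proto != 6 && f->proto != 17) return 0;  /* only TCP/UDP have ports */
    if (a->transhdr < a->nethdr + ihl || a->transhdr > a->caplen ||
        a->caplen - a->transhdr < 4)         /* offsets come from the socket */
        return -1;
    const uint8_t *th = a->pkt + a->transhdr;
    f->sp = (uint16_t)((th[0] << 8) | th[1]);  /* ports are big-endian on the wire */
    f->dp = (uint16_t)((th[2] << 8) | th[3]);
    return 0;
}

/* Constructed sample: Ethernet (14 bytes, zeroed) + IPv4 + start of TCP. */
const struct demo_alert demo_sample = { 38, 14, 34, {
    [14] = 0x45, [17] = 40, [22] = 64, [23] = 6,  /* IPv4, IHL 5, TTL 64, TCP */
    [26] = 192, 0, 2, 10, 198, 51, 100, 7,        /* 192.0.2.10 -> 198.51.100.7 */
    [34] = 0x04, 0xd2, 0x00, 0x50 } };            /* ports 1234 -> 80 */

int main(void)
{
    struct demo_flow f;
    if (demo_extract_flow(&demo_sample, &f) == 0)
        printf("%s:%d -> %s:%d\n", f.src, f.sp, f.dst, f.dp);
    return 0;
}
```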




