[Snort-users] telnet session reassembly with stream4
gned at ...12288...
Mon Oct 4 16:56:18 EDT 2004
I'm trying to use stream4 to reassemble a telnet session into one
uberpacket, and to then perform some statistical analysis on the data. I
have written a preprocessor that passes all reassembled packets to a
function that does this analysis, and doesn't do anything with the rest of
I'm using the condition (p->packet_flags & PKT_REBUILT_STREAM) to decide
whether to call the analysis function or not. The problem I'm having is
that when I run snort on telnet captures the condition above never
evaluates to true. For the other 10 protocols I'm analysing, I haven't had
Does anybody know what could be causing this?
More information about the Snort-users