[Snort-users] snort detection engine

Brian bmc at ...950...
Wed Sep 8 11:12:41 EDT 2004


On Wed, Sep 08, 2004 at 10:57:15AM -0400, Matt Kettler wrote:
> At 07:18 PM 9/7/2004, snort user wrote:
> > could someone point me to references for help on how the snort detection 
> > engine works.
> 
> http://www.snort.org/docs/
> 
> http://www.sourcefire.com/technology/whitepapers.htm

The Syngress book "Snort 2.1" has a chapter that talks about the inner
workings of snort, including the decoders, the detection engine, and
writing detection plugins.

I think it provides enough detail for most people.  Though, I should.
I wrote the chapter.  :)

-b




More information about the Snort-users mailing list