[Snort-users] Grouping connections
Ulisses Araújo Costa
ulissesaraujocosta at ...11827...
Wed Apr 22 10:37:18 EDT 2009
I'm using Snort in a project. I'm wondering if with Snort I can group
packets from the same connection. For example: if I request google.com, I
just send one packet but the response came in (imagine) 4 packets. The idea
is make Snort just consider that as 2 states (me making the request and
google sending the response). The problem is I want to make that to
connections, not sessions.
If it was sessions I can use the 'flag' keyword. Now I'm seeing if the way
is using preprocessors, in this case the HTTP preprocessor.
Can you help me?
Ulisses Costa - http://caos.di.uminho.pt/~ulisses/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users