[Snort-users] Grouping connections

Ulisses Araújo Costa ulissesaraujocosta at ...11827...
Wed Apr 22 10:37:18 EDT 2009


I'm using Snort in a project. I'm wondering if with Snort I can group
packets from the same connection. For example: if I request google.com, I
just send one packet but the response comes in (imagine) 4 packets. The idea
is to make Snort just consider that as 2 states (me making the request and
Google sending the response). The problem is I want to do that for
connections, not sessions.

If it were sessions I could use the 'flag' keyword. Now I'm looking at whether
the way is to use preprocessors, in this case the HTTP preprocessor.

Can you help me?

Best Regards,

Ulisses Costa - http://caos.di.uminho.pt/~ulisses/