[Snort-users] http_inspects post_depth

Eoin Miller eoin.miller at ...14586...
Fri Jun 3 13:43:29 EDT 2011


Kind of wondering about this from the 2.9.0.5 manual:

---SNIP---
11. post_depth <integer>
This specifies the amount of data to inspect in a client post message. 
The value can be set from -1 to 65495. The default value is -1. A value 
of -1 causes Snort to ignore all the data in the post message. 
Inversely, a value of 0 causes Snort to inspect all the client post 
message. This increases the performance by inspecting only specified 
bytes in the post message.
---SNIP---

I'm trying to wrap my head around the wording of this. Does this 
effectively mean 0 = 65495? Or does setting the value to 0 cause 
inspection of all of it beyond the 65495 buffer range?

-- Eoin




More information about the Snort-users mailing list