[Snort-users] Dynamic Preprocessor- packets from established flows

Alex Adamos alexthakidadam at ...125...
Tue Jan 29 15:01:53 EST 2013


Hi,
I managed to get my own preprocessor running (using the DPX starter kit). I would like to know, when a packet gets called by my preprocessor, whether it's from an established flow or not. Can anyone help me with how to do this?
Also, I have a counter of the packets being processed by my DPX, and I see a significant difference from the other preprocessors. It's like my DPX doesn't get called for every packet. I add my preprocessor like this:
_dpd.addPreproc(DPX_Process, PRIORITY_LAST,PP_DPX,PROTO_BIT__TCP|PROTO_BIT__UDP);
Thanks,
Alex.