[Snort-users] Regarding Coding for Snort

waldo kitty wkitty42 at ...14940...
Thu Jul 18 14:29:12 EDT 2013


On 7/18/2013 13:57, Mayur Patil wrote:
> Hi Joel,
>
>     Yes, this is assignment for project.

:?

>     But In this case, I just want the topic on which I could do this work in
> short time.
>
>     My goal is to write code for Rules of snort achieved in 4-5 days which
> should be 80 -100 lines.

you still do not say what kind of code you are talking about... if you are 
talking about standard GID:1 text rules, then choose something you want to 
monitor for... like DNS or NETBIOS traffic... or possibly something easier like 
POP3 or SMTP traffic... then you could use the protocol specs of those to create 
rules for the different stages of the protocol so that you could alert as each 
stage was triggered...

if you are talking about coding GID:3 shared object rules, there is a skeleton 
for such to give a start... generally speaking, rules are written in C and 
compiled just like any other shared objects... i do not have any specific 
experience writing GID:3 rules, though...

you have the same thing as the GID:3 rules for creating your own preperocessor 
to perform some task on the packets... again, this is an area i do not know 
about other than having seen others talk about it occasionally...

have you looked on the snort.org web site for any type of development packages 
related to your chosen task? that's where i would expect to find samples and 
tutorials of this nature...

>     Seeking for guidance,
>     Thanks !!
> *
> *
> *--*
> *Cheers,*
> *Mayur*
>
> On Thu, Jul 18, 2013 at 10:47 PM, Joel Esler <jesler at ...1935...
> <https://mail.google.com/mail/u/0/?view=cm&fs=1&tf=1&to=jesler@...1935...>>
> wrote:
>
>     It seems that you are either:
>
>     A) Asking this for an assignment or
>     B) Have no idea what you are asking.
>
>     What are you trying to accomplish.  What is your end goal?
>
>
>     On Jul 18, 2013, at 12:55 PM, Mayur Patil <ram.nath241089 at ...11827...
>     <https://mail.google.com/mail/u/0/?view=cm&fs=1&tf=1&to=ram.nath241089@...11827...>>
>     wrote:
>
>>     Hi Waldo,
>>
>>         Two of them which will take*less time and efficient *would be choice
>>     for my work.
>>         A preprocessor? GID:3 shared object rules?
>>         Seeking for guidance,
>>
>>         Thanks !!
>>
>>          On Thu, Jul 18, 2013 at 8:50 PM, waldo kitty<wkitty42 at ...14940...
>>         <https://mail.google.com/mail/u/0/?view=cm&fs=1&tf=1&to=wkitty42@...14940...>>wrote:
>>
>>         On 7/18/2013 07:40, Mayur Patil wrote:
>>         > Hi there,
>>         >
>>         >     First of all sorry for silly question.
>>         >
>>         >     I want to know what can I do in snort as coding part
>>         >
>>         >     which could be done in 4-5 days ??
>>         >
>>         >    Seeking for guidance,
>>
>>         coding what? a preprocessor? GID:3 shared object rules?
>>
>>         you have to be more specific...



-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-users mailing list