[Snort-users] [snort-devel] Dynamic Pre-process to decipher packet information

Emiliano Fausto emiliano.fausto at ...11827...
Mon Jan 6 14:01:54 EST 2014


Hello there,

I'm trying to build a dynamic pre-processor which takes every packet before
the SNORT engine, then deciphers certain information which comes ciphered
inside the packet and puts it back into SNORT.

I've seen that I'm able to decipher the information and print it with
logMsg() inside the preprocessor, and also send a syslog alert, but what
I'd really like to do is to put it back into the snort engine so that this
deciphered packet is analyzed with the snort rules.

Something like this:

CIPHERED PKT ---> MyPreprocessor ---> DECIPHERED PKT --> SNORT engine rules

Does anyone know how to do it, or recommend some starting point?

Thanks in advance,
Emiliano.