[Snort-users] [snort-devel] Dynamic Pre-process to decipher packet information
emiliano.fausto at ...11827...
Fri Jan 10 13:59:04 EST 2014
I saw the preprocessor rpc_decode, which does something very similar to
what I was needing to do.
Taking this preprocessor as an example, I could figure out what I was
We can close this thread,
PS: Thanks to Hui Cao who oriented me.
2014/1/6 Emiliano Fausto <emiliano.fausto at ...11827...>
> Hello there,
> I'm trying to build a dynamic pre-processor which takes every packet
> before the SNORT engine, then deciphers certain information which comes
> ciphered inside the packet and puts it back into SNORT.
> I've seen that I'm able to decipher the information and print it with
> logMsg() inside the preprocessor, and also send a syslog alert, but what
> I'd really want to do is to put it back into the snort engine so that this
> deciphered packet is analyzed with the snort rules.
> Something like this:
> CIPHERED PKT ---> MyPreprocessor ---> DECIPHERED PKT --> SNORT engine rules
> Does anyone know how to do it, or recommend some starting point?
> Thanks in advance,