[Snort-users] [snort-devel] Dynamic Pre-process to decipher packet information

Emiliano Fausto emiliano.fausto at ...11827...
Fri Jan 10 13:59:04 EST 2014


I saw the preprocessor rpc_decode, which does something very similar to
what I was needing to do.

Taking this preprocessor as example, I could figure it out what I was
looking for.

We can close this thread,


PS: Thanks to Hui Cao who oriented me.

2014/1/6 Emiliano Fausto <emiliano.fausto at ...11827...>

> Hello there,
> I'm trying to build a dynamic pre-processor which takes every packet
> before the SNORT engine, then decipher certain information which come
> ciphered inside the packet and put it back into the SNORT.
> I've seen that I'm able to deciphered the information and print it with
> logMsg() inside the preprocessor, and also send a syslog alert, but what
> I'd really want to do is to put it back into the snort engine so that this
> packet deciphered is being analyzed with the snort rules.
> Something like this:
> CIPHERED PKT ---> MyPreprocessor ---> DECIPHERED PKT --> SNORT engine rules
> Does anyone know how to do it, or recommend some starting point?
> Thanks in advance,
> Emiliano.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140110/7dcf1086/attachment.html>

More information about the Snort-users mailing list