[Snort-users] most useful Snort rules

amir levinzon amir.h.univ at ...11827...
Mon Sep 8 06:44:48 EDT 2014

Hey all,
I'm trying to program a small sniffer that will use the structure of
Snort rules.
I want it to be very small, so I need really compact code (I will probably
use C).
So I wanted to know two things.
A. Is there a place that specifies which of the Snort rules are the most
useful, meaning what are the most popular "packets" that will be detected
for the average web user? To begin with, something like 20 rules will be
enough.
B. I need to parse the rules into a data structure. I searched in forums but
I haven't found what the actual structure is that Snort uses and how the
packet is parsed so that it "fits" the structure of the rule... Can someone
recommend a data structure? A parser?
Best regards,
Amir