No subject


Thu Nov 23 16:36:19 EST 2017


>
> --->frag2--->stream4+--->http decode--->
>       |             |
>       |             +--->telnet decode-->
>       |             |
>       |             +--->rpc decode--->
>       |
>       +-------------------------------> icmp / udp packets
>
>
> This order is important. right ? correct me if i am wrong..

Yes.  There are actually a few streams


[ decodes ] -> detection egine

frag2 -> [ decodes ] -> detection egine

frag2 -> stream4 -> detection engine
-- 
Chris Green <cmg at ...1935...>
Laugh and the world laughs with you, snore and you sleep alone.




More information about the Snort-users mailing list