Home page logo

snort logo Snort mailing list archives

SFSnortPacket: Problem when getting packet payload
From: Hai Minh Nguyen <lightsea90 () gmail com>
Date: Tue, 14 May 2013 17:39:21 +0700


I'm writing a dynamic preprocessor which examines all packet payload. I
found that SFSnortPacket contained 2 members: payload (pointer) and
payload_size. I used these 2 members to read packet payload. But when I
tested with those packets of a HTTP stream (definitely payload existed), it
shown that payload_size = 0 and payload != NULL. I thought if payload_size
= 0 then payload = NULL :|

My questions:

1. If payload_size = 0, there's no payload, just header and payload = NULL.
Is this true? What about my case?

2. How to examine packet payload? (Is that my way right? How to fix? Any
other solution?)

Kiếm ma độc cô cầu bại - Ôi, một đời oanh liệt, chỉ mong được chiến bại một
lần, nhưng chưa ai qua nổi quá tam chiêu!!!
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
Snort-devel mailing list
Snort-devel () lists sourceforge net

Please visit http://blog.snort.org for the latest news about Snort!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]