Snort mailing list archives

Re: wireshark diameter snort


From: Joshua Kinard <kumba () gentoo org>
Date: Mon, 23 Apr 2012 19:01:34 -0400

On 04/23/2012 8:26 AM, asiaimbiss wrote:

> Can I use the Wireshark parsing code for Snort (e.g. packet_diameter.c)?
> ... I need to decode the Diameter protocol.
> Since both are written in C, and both are using libpcap... it should
> work, shouldn't it?
>
> Any idea, guys?

Nope.  Wireshark defines a completely different core API than Snort.  That
said, you COULD use Wireshark's Diameter dissector in the epan/ folder as a
guide to write a Snort decoder for that protocol.  Especially if Diameter
supports any kind of reassembly or checksumming process, the algorithms used
might be applicable.

-- 
Joshua Kinard
Gentoo/MIPS
kumba () gentoo org
4096R/D25D95E3 2011-03-28

"The past tempts us, the present confuses us, the future frightens us.  And
our lives slip away, moment by moment, lost in that vast, terrible in-between."

--Emperor Turhan, Centauri Republic

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
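
As an added illustration of what such a decoder has to do (this is not code from the post, from Snort or from Wireshark, and it does not use Snort's decoder API), here is a standalone C sketch that parses the 20-byte Diameter header and walks the AVPs as laid out in RFC 6733, checking every wire-supplied length before use. The struct, the function names and the sample message are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Diameter header fields (RFC 6733, section 3); names here are hypothetical. */
typedef struct {
    uint8_t  version, flags;
    uint32_t length, command, app_id, hop_id, end_id;
    unsigned avp_count;
} diam_msg;

static uint32_t be24(const uint8_t *p) { return (uint32_t)p[0] << 16 | (uint32_t)p[1] << 8 | p[2]; }
static uint32_t be32(const uint8_t *p) { return (uint32_t)p[0] << 24 | be24(p + 1); }

/* Returns 0 on success, -1 if the buffer is truncated or malformed.
 * No length field from the wire is trusted before it is bounds-checked. */
int diam_decode(const uint8_t *buf, size_t len, diam_msg *m)
{
    if (len < 20) return -1;                  /* fixed header is 20 bytes */
    m->version = buf[0];
    m->length  = be24(buf + 1);               /* whole message, header included */
    m->flags   = buf[4];
    m->command = be24(buf + 5);
    m->app_id  = be32(buf + 8);
    m->hop_id  = be32(buf + 12);
    m->end_id  = be32(buf + 16);
    m->avp_count = 0;
    if (m->version != 1 || m->length < 20 || m->length > len || (m->length & 3)) return -1;

    size_t off = 20;                          /* stays a multiple of 4 */
    while (off < m->length) {
        if (m->length - off < 8) return -1;   /* AVP header: code, flags, length */
        uint8_t  aflags = buf[off + 4];
        uint32_t alen   = be24(buf + off + 5);
        uint32_t hdr    = (aflags & 0x80) ? 12 : 8;  /* V bit adds a Vendor-ID */
        if (alen < hdr || alen > m->length - off) return -1;
        off += ((size_t)alen + 3) & ~(size_t)3;      /* AVPs are padded to 4 bytes */
        m->avp_count++;
    }
    return 0;
}

/* Constructed sample: request, command 257, one AVP (code 264) holding "a.b". */
static const uint8_t sample[32] = {
    0x01, 0x00, 0x00, 0x20, 0x80, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
    0x00, 0x00, 0x01, 0x08, 0x40, 0x00, 0x00, 0x0b, 'a', '.', 'b', 0x00
};

int main(void) { diam_msg m = {0}; int rc = diam_decode(sample, sizeof sample, &m); printf("rc=%d cmd=%u avps=%u\n", rc, (unsigned)m.command, m.avp_count); return rc ? 1 : 0; }
```

Over TCP one segment may carry a partial message or several messages, so a real decoder would first buffer the stream until the header's 24-bit length is satisfied and only then call a routine like this.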