
Snort mailing list archives
[snort-devel] Dynamic Pre-process to decipher packet information
From: Emiliano Fausto <emiliano.fausto () gmail com>
Date: Mon, 6 Jan 2014 17:01:54 -0200
Hello there,

I'm trying to build a dynamic pre-processor which takes every packet before the SNORT engine, then deciphers certain information which comes ciphered inside the packet and puts it back into SNORT. I've seen that I'm able to decipher the information and print it with logMsg() inside the preprocessor, and also send a syslog alert, but what I'd really want to do is to put it back into the snort engine so that this deciphered packet is analyzed with the snort rules. Something like this:

CIPHERED PKT ---> MyPreprocessor ---> DECIPHERED PKT --> SNORT engine rules

Does anyone know how to do it, or can recommend some starting point?

Thanks in advance,
Emiliano.
Current thread:
- [snort-devel] Dynamic Pre-process to decipher packet information Emiliano Fausto (Jan 08)
- Re: [snort-devel] Dynamic Pre-process to decipher packet information Emiliano Fausto (Jan 14)