Snort mailing list archives
Developing a TCP/IP connections statistics plugin
From: Phuong Cao <phuong.m.cao () gmail com>
Date: Mon, 27 Oct 2014 17:17:01 -0700
Hi there,

I am having some questions when building a TCP/IP connection statistics plugin for Snort. My TCP/IP connection statistics plugin collects statistics such as number of exchanged packets, packet sending rates, inter packet arrival time, and so on for a TCP/IP connection (which is a tuple of src_ip:src_port and dst_ip:dst_port).

I see that Snort already has a performance counter for IP (function UpdateFlowIPStats() in the file perf-flow.c). I am thinking of patching this file (that is updating the sfBTStats structure to support my statistics). Although patching might work, I think a dynamic plugin is a better approach.

Is the proposed approach a right direction to go? I appreciate any suggestions.

Thanks
- Phuong
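The per-connection accounting described in the message above, as an added example that is not part of the original post and not Snort code: it uses neither the sfBTStats structure nor the dynamic plugin API. All names here (`struct flow`, `flow_update`, `flow_mean_iat`, `flow_rate`, `MAX_FLOWS`) are hypothetical, and timestamps are assumed to be non-decreasing seconds.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_FLOWS 1024  /* hard cap so a connection flood cannot grow state */

struct flow {
    uint32_t ip_a, ip_b; uint16_t port_a, port_b;  /* ordered endpoints */
    uint64_t packets, bytes;
    double first_ts, last_ts, iat_sum;             /* seconds */
};
static struct flow flows[MAX_FLOWS];
static size_t n_flows;

/* Record one packet; returns its flow, or NULL when the table is full. */
struct flow *flow_update(uint32_t sip, uint16_t sp, uint32_t dip, uint16_t dp,
                         double ts, uint32_t len)
{
    if (sip > dip || (sip == dip && sp > dp)) {    /* both directions, one key */
        uint32_t ti = sip; sip = dip; dip = ti;
        uint16_t tp = sp; sp = dp; dp = tp;
    }
    struct flow *f = NULL;
    for (size_t i = 0; i < n_flows && !f; i++)     /* linear scan for brevity */
        if (flows[i].ip_a == sip && flows[i].ip_b == dip &&
            flows[i].port_a == sp && flows[i].port_b == dp)
            f = &flows[i];
    if (!f) {
        if (n_flows == MAX_FLOWS) return NULL;     /* refuse, do not evict */
        f = &flows[n_flows++];
        *f = (struct flow){ sip, dip, sp, dp, 0, 0, ts, ts, 0.0 };
    } else {
        f->iat_sum += ts - f->last_ts;             /* gap since previous packet */
        f->last_ts = ts;
    }
    f->packets++;
    f->bytes += len;
    return f;
}

/* Mean inter-packet arrival time in seconds (0 until two packets are seen). */
double flow_mean_iat(const struct flow *f)
{ return f->packets > 1 ? f->iat_sum / (double)(f->packets - 1) : 0.0; }

/* Packets per second over the flow's lifetime (0 if no time has elapsed). */
double flow_rate(const struct flow *f)
{ double d = f->last_ts - f->first_ts; return d > 0 ? (double)f->packets / d : 0.0; }
```

Call `flow_update()` once per decoded TCP packet; a NULL return means the table is full and the packet was not counted, which is worth surfacing as its own counter.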
Current thread:
- Developing a TCP/IP connections statistics plugin Phuong Cao (Oct 27)
- Re: Developing a TCP/IP connections statistics plugin Carter Waxman (cwaxman) (Oct 28)
- Re: Developing a TCP/IP connections statistics plugin Phuong Cao (Oct 28)
- Re: Developing a TCP/IP connections statistics plugin Carter Waxman (cwaxman) (Oct 28)
