Snort mailing list archives

Re: Dynamic Preprocessor not capturing any packet


From: Big Whale <d0lph1n98 () yahoo com>
Date: Wed, 8 Jul 2015 13:54:27 +0000 (UTC)

I think the preprocessor is loaded correctly; it even parses the configuration parameter correctly. It's just not 
capturing any packet. I have made a little modification to ModSecProcess(): if the source port/destination port is 
equal to port 80, then alert something. Basically, it's simple but practically hard, or maybe my code is problematic 
somewhere.
 


     On Wednesday, July 8, 2015 9:01 PM, Hui cao <huica () cisco com> wrote:
   

  You can step through your code to figure out why. Is SetupModSec called? Is ModSecInit called? Is ModSecProcess 
called? You can check how the SSH preprocessor works because it is very simple.
 
 Best,
 Hui.
 
 On 07/07/2015 09:46 PM, Big Whale wrote:
  
 
 Hello all, 
  My preprocessor is not capturing any packet, even though I have defined that if the source port is equal to a specific port 
then the alert will be triggered with that preprocessor signature. However, everything seems not to be working like I wanted. 
Here is the link to my code --> https://github.com/d0lph1n98/Snort-ModSec-CRS-Parser
  
   
  
 ------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/ 
  
 _______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort! 
 