Snort mailing list archives

Re: How to debugging on Snort?


From: Russ via Snort-devel <snort-devel () lists snort org>
Date: Fri, 18 May 2018 02:06:26 -0400

Snort 3 provides a trace facility that will output info for each step of signature evaluation (upon fast pattern match).  Check the "Module Trace" section (5.10.1) in the user manual.

On 5/17/18 10:10 PM, İzzettin Erdem via Snort-devel wrote:
Hello everyone,

I want to debug Snort, but I didn't find anything to help me. Actually, I want to learn this: packets come into the network and Snort catches them. After that, Snort checks the packets against the rules. How can I see what Snort checks at a time and the output of this check process?

Example check process for packet P1:

Searching for:
content: "sa"
offset: 5
depth: 10

output -> found or 1

Continue to check packet P1:

content: "|02|"
offset: 33
depth: 45
.
.
.

output -> not found or 0


_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
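
The per-step output asked about in the question can be illustrated outside Snort. The Python sketch below is an added example, not part of the original thread and not Snort code or its trace output: it emulates only absolute content/offset/depth checks (no fast pattern stage, no relative options) against a constructed payload. The names decode_content, eval_content, trace_rule and format_trace are hypothetical.

```python
def decode_content(spec):
    """Turn Snort content syntax ('sa', '|02|', 'GET |0d 0a|') into raw bytes."""
    out = bytearray()
    # Splitting on '|' leaves literal text at even indexes and hex runs at odd ones.
    for i, chunk in enumerate(spec.split("|")):
        out += bytes.fromhex(chunk) if i % 2 else chunk.encode("latin-1")
    return bytes(out)

def eval_content(payload, spec, offset=0, depth=None):
    """Search payload[offset : offset+depth]; return the match position or -1.
    The whole pattern has to fit inside the window, as with Snort's depth."""
    end = len(payload) if depth is None else min(len(payload), offset + depth)
    return payload.find(decode_content(spec), offset, end)

def trace_rule(payload, options):
    """Evaluate content options in order, record each step, stop at the first miss."""
    trace = []
    for opt in options:
        offset, depth = opt.get("offset", 0), opt.get("depth")
        pos = eval_content(payload, opt["content"], offset, depth)
        trace.append((opt["content"], offset, depth, pos))
        if pos < 0:
            return False, trace
    return True, trace

def format_trace(trace):
    """Render one line per evaluated option, in the style used in the question."""
    lines = []
    for content, offset, depth, pos in trace:
        result = "found at %d" % pos if pos >= 0 else "not found"
        lines.append('content:"%s" offset:%d depth:%s -> %s' % (content, offset, depth, result))
    return lines

# Constructed sample: "sa" sits at byte 7, and there is no 0x02 in bytes 33..77.
PAYLOAD = b"HELO mysample-host".ljust(80, b"\x01")
# The two checks from the question, as a list of option dictionaries.
RULE = [
    {"content": "sa", "offset": 5, "depth": 10},
    {"content": "|02|", "offset": 33, "depth": 45},
]

if __name__ == "__main__":
    matched, trace = trace_rule(PAYLOAD, RULE)
    print("\n".join(format_trace(trace)))
    print("rule matched:", matched)
```
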
