mitesh
Reputation: 1547
I want to know full flow of how snort processes a packet?
I know how to configure and run snort with dynamic rules written.
I know some stages of processing like decoding, preprocessors, dynamic rules match, output plugins etc.
I am using snort as inline mode. I want to know full flow of processing from packet comes to snort and to packet is delivered to application.
Can any one suggest me a link like its complete flow description?
Thanks
Upvotes: 1
Views: 1161
Answers (1)
Mark Hillick
Reputation: 6973
Slide 9 on this presentation http://www.slideshare.net/mboman/snort gives some information and page 45 in this pdf http://www.pearsonhighered.com/assets/hip/us/hip_us_pearsonhighered/samplechapter/157870281X.pdf should also help.
Upvotes: 2
Related Questions
- How to monitor packets using Snort features?
- how to procees dos snort rule with captured packet
- Separate the packet header from the payload in snort
- snort | pcre| rule specification
- Reading the captured packet header features in snort
- Packet Processing in NetFilter Hooks ?
- Read the alert log from snort
- Snort - Trying to understand how this snort rule works
- Snort: Reporting packet numbers
- How to block packets using snort?