Re: [Snort-users] Snort and nf_queue
This is a discussion on Re: [Snort-users] Snort and nf_queue within the Snort forums, part of the System Security and Security Related category; --===============0207886895== Content-Type: multipart/alternative; boundary="----=_Part_177458_4383049.1185452666030" ------=_Part_177458_4383049.1185452666030 Content-Type: text/plain; charset=ISO-8859-1; ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-26-2007
|
|||
|
|||
Re: [Snort-users] Snort and nf_queue
--===============0207886895==
Content-Type: multipart/alternative; boundary="----=_Part_177458_4383049.1185452666030" ------=_Part_177458_4383049.1185452666030 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline snort_inline supports nf_queue. See the README.NFQUEUE in the source. http://prdownloads.sourceforge.net/s...ar.gz?download Regards, Will On 7/26/07, bahamin takhtaei <b_takhtaei@yahoo.com> wrote: > > Hi everyone! > I run Snort-2.6.1.4 in IDS mode and see that it works with nf_queue > correctly. > But when I search in the src-code, I can't find any function that handles > the nf_queue packets. > Also, I send the receiving packets to several nf_queue and see that Snort > handles > all of them! where is it identifies the queue_nums and works with them? > > Thank you, > Bahamin > > ------------------------------ > Take the Internet to Go: Yahoo!Go puts the Internet in your pocket:<http://us.rd.yahoo.com/evt=48253/*http://mobile.yahoo.com/go?refer=1GNXIC>mail, news, photos & more. > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users > ------=_Part_177458_4383049.1185452666030 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline snort_inline supports nf_queue. See the README.NFQUEUE in the source.<br><br><a href="http://prdownloads.sourceforge.net/snort-inline/snort_inline-2.6.1.5.tar.gz?download">http://prdownloads.sourceforge.net/s...ar.gz?download </a><br><br>Regards,<br><br>Will<br><br><br><br><div ><span class="gmail_quote">On 7/26/07, <b class="gmail_sendername">bahamin takhtaei</b> <<a href="mailto:b_takhtaei@yahoo.com">b_takhtaei@yaho o.com</a>> wrote:</span> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi everyone!<br>I run Snort-2.6.1.4 in IDS mode and see that it works with nf_queue correctly. <br>But when I search in the src-code, I can't find any function that handles<br>the nf_queue packets.<br>Also, I send the receiving packets to several nf_queue and see that Snort handles<br>all of them! where is it identifies the queue_nums and works with them? <br><br>Thank you,<br><span class="sg">Bahamin<br></span><span class="ad"> <p> </p><hr size="1">Take the Internet to Go: Yahoo!Go puts the <a href="http://us.rd.yahoo.com/evt=48253/*http://mobile.yahoo.com/go?refer=1GNXIC" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> Internet in your pocket:</a> mail, news, photos & more. <p></p></span><br>-------------------------------------------------------------------------<br>This SF.net email is sponsored by: Splunk Inc.<br>Still grepping through log files to find problems? Stop. <br>Now Search log events and configuration files using AJAX and a browser.<br>Download your FREE copy of Splunk now >> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://get.splunk.com/" target="_blank"> http://get.splunk.com/</a><br>____________________________________________ ___<br>Snort-users mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Snort-users@lists.sourceforge.net">Snort-users@lists.sourceforge.net </a><br>Go to this URL to change user options or unsubscribe:<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users" target="_blank">https://lists.sourceforge.net/lists/...fo/snort-users <br>Snort-users</a> list archive:<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.geocrawler.com/redir-sf.php3?list=snort-users" target="_blank">http://www.geocrawler.com/redir-sf.p...st=snort-users </a><br></blockquote></div><br> ------=_Part_177458_4383049.1185452666030-- --===============0207886895== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ --===============0207886895== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users --===============0207886895==-- 
|
Linear Mode
