[Oisf-devel] Understanding Suricata
Anoop Saldanha
anoopsaldanha at gmail.com
Thu Oct 10 07:31:07 UTC 2013
On Wed, Oct 9, 2013 at 11:40 PM, Anil Joshi <aj27744 at gmail.com> wrote:
> Hi All,
>
> Hi, I have a query for you. Actually, I need a suggestion: if I want to
> understand how Suricata works, that is, how it takes a packet and how it matches it
> against signatures, how should I proceed?
>
I would suggest taking a pcap and stepping through the code. You can
use the pcap file interface for this purpose:
suricata -c suricata.yaml -r path/to/pcap_file --runmode=single
Suricata is modular, as in, each of the different phases is split into
an identifiable module - receive, decoder, stream, detection, verdict,
logging.
Packets flow through the above sequence in a sequential manner.
--
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------
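As an added illustration (not from this thread or from the Suricata project), the script below builds a constructed pcap file suitable for `suricata -r` and then walks it through a toy version of the phases Anoop lists: receive, decode, detect, and logging. The rule, addresses and payloads are made up; this is a teaching model of the packet flow, not Suricata's code.

```python
import socket
import struct

def build_frame(payload, src="10.0.0.1", dst="10.0.0.2", sport=40000, dport=80):
    """Constructed sample frame (not captured traffic): Ethernet/IPv4/TCP + payload."""
    eth = bytes(range(6)) + bytes(range(6, 12)) + struct.pack("!H", 0x0800)  # ethertype IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64,
                     6, 0, socket.inet_aton(src), socket.inet_aton(dst))  # proto 6 = TCP
    return eth + ip + tcp + payload

def pcap_bytes(frames):
    """libpcap file image (linktype 1 = Ethernet); write it to disk to feed `suricata -r`."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def receive(data):
    """Receive phase: yield raw frames, one pcap record at a time."""
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        caplen = struct.unpack("<IIII", data[pos:pos + 16])[2]
        yield data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen

def decode(frame):
    """Decoder phase: Ethernet -> IPv4 -> TCP; returns None for anything else."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800 or frame[23] != 6:
        return None
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip Ethernet + IP header (IHL words)
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
            "sport": sport, "dport": dport, "payload": tcp[(tcp[12] >> 4) * 4:]}

# One toy rule with Suricata-style fields (sid, msg, content); not a real ruleset.
RULES = [{"sid": 1000001, "dport": 80, "content": b"/admin", "msg": "TOY admin path requested"}]

def detect(pkt):
    """Detection phase: content match against every rule for the destination port."""
    return [r for r in RULES if pkt["dport"] == r["dport"] and r["content"] in pkt["payload"]]

def run(data):
    """Verdict/logging phases: walk the pipeline and return fast.log-style alert lines."""
    alerts = []
    for frame in receive(data):
        pkt = decode(frame)
        for r in (detect(pkt) if pkt else []):
            alerts.append(f"[1:{r['sid']}:1] {r['msg']} {pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}")
    return alerts
```

To try the real thing, save `pcap_bytes([...])` to a file and run the `suricata -r` command from the reply against it; Suricata's own phases are threaded modules, so this sequential model is only a map for reading the code.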