[Oisf-devel] Understanding Suricata

Anil Joshi aj27744 at gmail.com
Tue Oct 15 10:13:41 UTC 2013


Thanks for the reply, sir.
As you have given the packet flow, I would first like to go through the
receive part. So if I give Suricata the pcap, how can I see the packet
capture part of Suricata, and how do I debug it?


On Thu, Oct 10, 2013 at 1:01 PM, Anoop Saldanha <anoopsaldanha at gmail.com>wrote:

> On Wed, Oct 9, 2013 at 11:40 PM, Anil Joshi <aj27744 at gmail.com> wrote:
> > Hi All,
> >
> > Hi, I have a query for you. Actually, I need a suggestion: if I want to
> > understand how Suricata works, that is, how it takes a packet and how it
> > matches it against signatures, how should I proceed?
> >
>
> I would suggest taking a pcap and stepping through the code.  You can
> use the pcap file interface for this purpose
>
> suricata -c suricata.yaml -r path/to/pcap_file --runmode=single
>
> Suricata is modular, as in, each of the different phases is split into
> an identifiable module - receive, decoder, stream, detection, verdict,
> logging.
>
> Packets flow through the above sequence in a sequential manner.
>
> --
> -------------------------------
> Anoop Saldanha
> http://www.poona.me
> -------------------------------
>
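One concrete way to follow Anoop's suggestion of stepping through the code with a pcap, written here as an added example rather than anything posted in the thread or shipped by the Suricata project: generate a gdb command file that stops at the entry point of each module in the receive, decode, stream, detect sequence, then launch Suricata under gdb in the single runmode so that every breakpoint is hit in one thread in packet order. The function names below (ReceivePcapFileLoop, DecodePcapFile, StreamTcp, Detect) are assumed to match the Suricata sources of that era and should be confirmed against your own checkout with the check_symbol helper before relying on them; suricata.yaml and traffic.pcap are placeholder paths.

```shell
#!/bin/sh
# Added example, not from the thread or from the Suricata project.
# Builds a gdb command file with one breakpoint per Suricata module entry
# point and prints the gdb invocation that runs Suricata on a pcap in the
# single runmode (one thread, so breakpoints fire in packet order).

# Assumed module entry points, in the order a packet traverses them.
# Verify each name against your source tree before trusting the breakpoint.
SURI_BREAKPOINTS="ReceivePcapFileLoop DecodePcapFile StreamTcp Detect"

# Emit a gdb command file: one breakpoint per module, then start the program.
gen_gdb_script() {
    for fn in $SURI_BREAKPOINTS; do
        printf 'break %s\n' "$fn"
    done
    printf 'run\n'
}

# The command line from Anoop's reply: pcap file interface, single runmode.
# $1 = path to suricata.yaml, $2 = path to the pcap (both placeholders here).
suricata_cmd() {
    printf 'suricata -c %s -r %s --runmode=single' "$1" "$2"
}

# Return 0 if the function name ($2) appears as a whole word anywhere under
# the source directory ($1); use this before adding a breakpoint on it.
check_symbol() {
    grep -rqw "$2" "$1" 2>/dev/null
}

# Print the full gdb invocation; --args must come last so the Suricata
# options pass through to the debugged program unchanged.
gdb_invocation() {
    # $1 = gdb command file, $2 = config, $3 = pcap
    printf 'gdb -x %s --args %s\n' "$1" "$(suricata_cmd "$2" "$3")"
}

main() {
    cmds=$(mktemp)
    gen_gdb_script > "$cmds"
    echo "gdb command file written to $cmds:"
    cat "$cmds"
    gdb_invocation "$cmds" suricata.yaml traffic.pcap
}

main
```

Build Suricata with debugging symbols and without optimisation (for example `CFLAGS="-O0 -g" ./configure`) before stepping through it, otherwise gdb will skip lines and show optimised-away variables; once stopped at ReceivePcapFileLoop, `bt` shows the thread slot code that hands the packet to the next module, which is the sequential flow Anoop describes.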

