[Oisf-users] Suricata and pf_ring packet dissection
Victor Julien
lists at inliniac.net
Mon Sep 9 10:01:53 UTC 2013
On 09/07/2013 07:14 AM, sukbir singh wrote:
> Dear All,
> We are using pf_ring now to capture packets. It works well,
> and its data structure allows us to get up to the level 3 protocol. What we
> need is the level 4 and level protocol, the URL if it exists, and a breakdown of ICMP and ARP
> packets. We checked that Suricata has all of this done, but how
> does it get the packet from PF_RING and do the dissection? We just
> need some part of the dissection from Suricata. Any help on this?
>
I suggest reading the source code.
decode-* decodes the packets: Ethernet, IP, TCP, etc.
app-layer-* decodes the higher-level protocols, like HTTP, DNS, etc.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
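The following is an added example, not code from Suricata or from the PF_RING project, showing the layered decode-* idea the reply points at: take a raw Ethernet frame as a capture library hands it over, walk Ethernet to IPv4/ARP to TCP/UDP/ICMP, and leave a pointer to the L4 payload where app-layer-* style parsing (HTTP, DNS) would begin. Every layer bounds-checks before it reads, so a truncated frame fails cleanly instead of reading past the buffer. The three frames, their addresses and ports are constructed by hand for this example, and checksums are neither valid nor verified; only IPv4, ARP, TCP, UDP and ICMP are handled.

```c
/* Added example, not Suricata's code: a minimal layered decoder in the spirit of
 * Suricata's decode-* files. Input is a raw Ethernet II frame as PF_RING or
 * libpcap would deliver it. Sample frames below are constructed (bogus checksums). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum { L3_NONE, L3_IPV4, L3_ARP };
enum { L4_NONE, L4_TCP, L4_UDP, L4_ICMP };

typedef struct {
    int l3, l4;
    uint32_t src_ip, dst_ip;        /* host byte order */
    uint16_t src_port, dst_port, arp_opcode;
    uint8_t icmp_type, icmp_code;
    const uint8_t *payload;         /* L4 payload: where app-layer parsing starts */
    size_t payload_len;
} Packet;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Each layer checks it has enough bytes before touching a header:
 * a truncated frame yields -1, never an out-of-bounds read. */
static int decode_tcp(Packet *pk, const uint8_t *d, size_t len) {
    if (len < 20) return -1;
    size_t hlen = (size_t)(d[12] >> 4) * 4;            /* data offset in 32-bit words */
    if (hlen < 20 || hlen > len) return -1;
    pk->l4 = L4_TCP; pk->src_port = rd16(d); pk->dst_port = rd16(d + 2);
    pk->payload = d + hlen; pk->payload_len = len - hlen;
    return 0;
}
static int decode_udp(Packet *pk, const uint8_t *d, size_t len) {
    if (len < 8) return -1;
    size_t ulen = rd16(d + 4);                          /* UDP length field */
    if (ulen < 8 || ulen > len) return -1;
    pk->l4 = L4_UDP; pk->src_port = rd16(d); pk->dst_port = rd16(d + 2);
    pk->payload = d + 8; pk->payload_len = ulen - 8;
    return 0;
}
static int decode_icmp(Packet *pk, const uint8_t *d, size_t len) {
    if (len < 8) return -1;
    pk->l4 = L4_ICMP; pk->icmp_type = d[0]; pk->icmp_code = d[1];
    pk->payload = d + 8; pk->payload_len = len - 8;
    return 0;
}
static int decode_ipv4(Packet *pk, const uint8_t *d, size_t len) {
    if (len < 20 || (d[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(d[0] & 0x0f) * 4, tot = rd16(d + 2);
    if (ihl < 20 || tot < ihl || tot > len) return -1;
    pk->l3 = L3_IPV4; pk->src_ip = rd32(d + 12); pk->dst_ip = rd32(d + 16);
    /* Short frames carry Ethernet padding after the datagram: slice by the
     * IP total length, not by what the wire delivered. */
    const uint8_t *l4 = d + ihl; size_t l4len = tot - ihl;
    switch (d[9]) {                                     /* protocol field */
    case 1:  return decode_icmp(pk, l4, l4len);
    case 6:  return decode_tcp(pk, l4, l4len);
    case 17: return decode_udp(pk, l4, l4len);
    default: return 0;                                  /* known L3, unhandled L4 */
    }
}
static int decode_arp(Packet *pk, const uint8_t *d, size_t len) {
    if (len < 28) return -1;                            /* Ethernet/IPv4 ARP is 28 bytes */
    pk->l3 = L3_ARP; pk->arp_opcode = rd16(d + 6);
    return 0;
}
/* Entry point: Ethernet II frame, dispatched on EtherType. */
int decode_ethernet(Packet *pk, const uint8_t *d, size_t len) {
    memset(pk, 0, sizeof *pk);
    if (len < 14) return -1;
    switch (rd16(d + 12)) {
    case 0x0800: return decode_ipv4(pk, d + 14, len - 14);
    case 0x0806: return decode_arp(pk, d + 14, len - 14);
    default:     return 0;
    }
}

/* Constructed sample frames: hypothetical MACs/IPs, checksums left as zero. */
#define ETH_HDR 0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb
const uint8_t SAMPLE_HTTP[] = { ETH_HDR, 0x08,0x00,
    0x45,0x00,0x00,0x38, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,  /* IPv4, tot len 56, TCP */
    0xc0,0xa8,0x01,0x0a, 0x0a,0x00,0x00,0x01,                       /* 192.168.1.10 -> 10.0.0.1 */
    0xc3,0x50,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,  /* TCP 50000 -> 80 */
    0x50,0x18,0x72,0x10, 0x00,0x00,0x00,0x00,                       /* hlen 20, PSH|ACK */
    'G','E','T',' ','/',' ','H','T','T','P','/','1','.','0','\r','\n' };
const uint8_t SAMPLE_ICMP[] = { ETH_HDR, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x02,0x00,0x00, 0x40,0x01,0x00,0x00,  /* tot len 28, ICMP */
    0xc0,0xa8,0x01,0x0a, 0x0a,0x00,0x00,0x01,
    0x08,0x00,0x00,0x00, 0x00,0x01,0x00,0x01,                       /* echo request */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };                          /* Ethernet padding to 60 */
const uint8_t SAMPLE_ARP[] = { ETH_HDR, 0x08,0x06,
    0x00,0x01, 0x08,0x00, 0x06,0x04, 0x00,0x01,                     /* ARP request */
    0x66,0x77,0x88,0x99,0xaa,0xbb, 0xc0,0xa8,0x01,0x0a,
    0x00,0x00,0x00,0x00,0x00,0x00, 0xc0,0xa8,0x01,0x01 };
const size_t SAMPLE_HTTP_LEN = sizeof SAMPLE_HTTP, SAMPLE_ICMP_LEN = sizeof SAMPLE_ICMP,
             SAMPLE_ARP_LEN = sizeof SAMPLE_ARP;

int main(void) {
    Packet pk;
    if (decode_ethernet(&pk, SAMPLE_HTTP, SAMPLE_HTTP_LEN) == 0)
        printf("l3=%d l4=%d %u->%u payload=%zu bytes, starts \"%.3s\"\n", pk.l3, pk.l4,
               pk.src_port, pk.dst_port, pk.payload_len, (const char *)pk.payload);
    return 0;
}
```

The `tot > len` check in `decode_ipv4` and the use of `tot` rather than `len` for the L4 slice are the two details worth copying: the first rejects frames cut short by the capture snaplen, the second keeps Ethernet trailer padding out of the payload that gets handed to protocol parsing.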