[Oisf-users] Recommend communication mechanism between Suricata engine and another process

tidy at holonetsecurity.com tidy at holonetsecurity.com
Sat Mar 25 15:07:11 UTC 2017

Hi  Andreas,

	The SSL Proxy working as Transparent proxy(using iptables TPROXY) plus Bridge mode, the bridge interfaces say eth1 are using to receive  and lo to forward the packets.
       Another side,  since the SSL Proxy works based on application layer data, the SSL proxy needs fake L2 + L3 packet heads if choosing  Unix Sockets as communication channel. so I am not sure which one is more suitable to solve this.
	Very appreciate your kind help!


> On Mar 25, 2017, at 7:56 AM, Andreas Herz <andi at geekosphere.org> wrote:
> On 24/03/17 at 10:01, tidy at holonetsecurity.com wrote:
>> I’m trying copy packets from an SSL decrypting process to Suricata on
>> the same machine, could you help to recommend mechanism to talk
>> between the SSL decrypting process and Suricata. 1) virtual network
>> card interface 2) Unix Sockets (Suricata only support pcap files using
>> command). 3)?
> Well what process are you using and how does it receive and forward the
> packets?
> -- 
> Andreas Herz
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

More information about the Oisf-users mailing list