[Bro] signature match
Jai Prakash D R
jprakash at tataelxsi.co.in
Wed Nov 29 04:10:46 PST 2006
Hi,
I am working with bro-0.9 signatures. Please let me know where exactly the
packets are being compared against all the available signatures.
Once a signature is matched I want to get the rule->ID( ) of that signature.
When I am using the below piece of code from RuleMatcher.cc
    loop_over_list(accepted, i)
        {
        Rule* r = Rule::rule_table[accepted[i] - 1];
    #ifdef MATCHER_PRINT_DEBUG
        fprintf(stderr, "%.06f Checking rule: %s\n",
                network_time, r->id);
    #endif
        }
the rule->id's of previously matched signatures are being displayed.
Please help me in this regard.
Regards
Prakash.