Hosting Provided By

Re: [Snort-devel] endian-ness in barnyard

From: Andrew R. Baker <andrewb(at)snort.org>
Date: Fri May 02 2003 - 11:53:17 EDT

Javier Guerra wrote:
> Hi
>
> I'm just starting to in Snort. I have just set up a sensor on a network and i

Yes, currently Barnyard uses host order formatting. This is a known issue and a fix is planned.

> the 'best' solution would be to save unified logfiles in 'network order' and

The planned solution is to implement something similar to libpcap. libpcap will write output files using host byte ordering. When reading, it will detect the byte ordering and perform the swapping as appropriate. IMHO, this is the best solution to ensure compatibility. I have some code that does this, but it is tightly integrated with other code that is not ready for release.

-A

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Fri May 2 12:17:49 2003

This message: [ Message body ]
Next message: Tom Danielsen: "[Snort-devel] Bug in Snort 2.0"
Previous message: Martin Olsson: "[Snort-devel] A couple of bugs in snort v2.0.0"
In reply to Javier Guerra: "[Snort-devel] endian-ness in barnyard"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:05 EDT