[Snort-devel] code documentation (stream4)

Hi all,  

   Newless cluebie question here: Is there a developers' guide or some similar document out there? I've read the users' guide, FAQ, doc/ directory, and whatnot, and I haven't found much about Snort's internals. If the answer's no, I can't complain, but if there is one I might as well use it.

   In particular, I'm trying to just use a small sliver of Snort's functionality: I basically want a glorified tcpdump, but I'd like to log TCP connections as reconstructed byte streams, rather than just packet dumps. As I understand it, the stream4 preprocessor already does this reconstruction, so I'm trying to figure out how to directly output the results. Am I barking up the wrong tree in thinking this is a good idea?

 Thanks,

 Eric  

-- 
Eric W. Anderson - anderson@cs.uoregon.edu
University of Oregon Network Security Research Lab
PGP fingerprints:
D3C5 D6FF EDED 9F1F C36D 53A3 74B7 53A6 3C74 5F12
9544 C724 CAF3 DC63 8CAB  5F30 68AE 5C63 B282 2D79

------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-devel mailing list Snort-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/snort-devel