"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/user/daq.txt" between
snort3-3.1.28.0.tar.gz and snort3-3.1.29.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

daq.txt  (snort3-3.1.28.0):daq.txt  (snort3-3.1.29.0)
skipping to change at line 252 skipping to change at line 252
The available commands are: The available commands are:
$client <ip4> <port> $client <ip4> <port>
$server <ip4> <port> $server <ip4> <port>
$packet -> client $packet -> client
$packet -> server $packet -> server
$packet <addr> <port> -> <addr> <port> $packet <addr> <port> -> <addr> <port>
$sof <i32:ingressZone> <i32:egressZone> <i32:ingressIntf> <i32:egressIntf> < $sof <i32:ingressZone> <i32:egressZone> <i32:ingressIntf> <i32:egressIntf> <
s:srcIp> <i16:srcPort> <s:destIp> <i16:dstPort> <u32:opaque> <u64:initiatorPkts> s:srcIp> <i16:srcPort> <s:destIp> <i16:dstPort> <u32:opaque> <u64:initiatorPkts>
<u64:responderPkts> <u64:initiatorPktsDropped> <u64:responderPktsDropped> <u64: <u64:responderPkts> <u64:initiatorPktsDropped> <u64:responderPktsDropped> <u64:
initiatorBytesDropped> <u64:responderBytesDropped> <u8:isQosAppliedOnSrcIntf> <t initiatorBytesDropped> <u64:responderBytesDropped> <u8:isQosAppliedOnSrcIntf> <t
imeval:sof_timestamp> <timeval:eof_timestamp> <u16:vlan> <u16:address_space_id> imeval:sof_timestamp> <timeval:eof_timestamp> <u32:address_space_id> <u32:tenant
<u8:protocol> _id> <u16:vlan> <u8:protocol> <u8:flags>
$eof <i32:ingressZone> <i32:egressZone> <i32:ingressIntf> <i32:egressIntf> < $eof <i32:ingressZone> <i32:egressZone> <i32:ingressIntf> <i32:egressIntf> <
s:srcIp> <i16:srcPort> <s:destIp> <i16:dstPort> <u32:opaque> <u64:initiatorPkts> s:srcIp> <i16:srcPort> <s:destIp> <i16:dstPort> <u32:opaque> <u64:initiatorPkts>
<u64:responderPkts> <u64:initiatorPktsDropped> <u64:responderPktsDropped> <u64: <u64:responderPkts> <u64:initiatorPktsDropped> <u64:responderPktsDropped> <u64:
initiatorBytesDropped> <u64:responderBytesDropped> <u8:isQosAppliedOnSrcIntf> <t initiatorBytesDropped> <u64:responderBytesDropped> <u8:isQosAppliedOnSrcIntf> <t
imeval:sof_timestamp> <timeval:eof_timestamp> <u16:vlan> <u16:address_space_id> imeval:sof_timestamp> <timeval:eof_timestamp> <u32:address_space_id> <u32:tenant
<u8:protocol> _id> <u16:vlan> <u8:protocol> <u8:flags>
Client and server are determined as follows. $packet -> client indicates Client and server are determined as follows. $packet -> client indicates
to the client (from server) and $packet -> server indicates a packet to the to the client (from server) and $packet -> server indicates a packet to the
server (from client). $packet followed by a 4-tuple uses the heuristic server (from client). $packet followed by a 4-tuple uses the heuristic
that the client is the side with the greater port number. that the client is the side with the greater port number.
The default client and server are 192.168.1.1 12345 and 10.1.2.3 80 The default client and server are 192.168.1.1 12345 and 10.1.2.3 80
respectively. $packet commands with a 4-tuple do not change client and respectively. $packet commands with a 4-tuple do not change client and
server set with the other $packet commands. server set with the other $packet commands.
 End of changes. 1 change blocks. 
12 lines changed or deleted 12 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)