I am relatively new to Suricata.
How would I write a Lua script to get the IP address of a given connection? Is the best way to write some sort of decoder from hex and to just use the whole HTTP packet?
You can use SCPacketTuple or SCFlowTuple:
https://suricata.readthedocs.io/en/suricata-6.0.1/lua/lua-functions.html#scpackettuple
https://suricata.readthedocs.io/en/suricata-6.0.1/lua/lua-functions.html#scflowtuple
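
An added example, not part of the original answer: a Suricata 6.0 Lua output script that logs both endpoints of each HTTP transaction with SCFlowTuple. The script name `http-ip.lua` and log file name `http-ip.log` are assumptions made for illustration.

```lua
-- http-ip.lua: Suricata Lua output script (added example; file names are hypothetical)

-- Ask Suricata to call log() once per HTTP transaction.
function init(args)
    local needs = {}
    needs["protocol"] = "http"
    return needs
end

-- Open the log file once at startup, in Suricata's log directory.
function setup(args)
    filename = SCLogPath() .. "/" .. "http-ip.log"   -- hypothetical file name
    file = assert(io.open(filename, "a"))
    SCLogInfo("HTTP IP log: " .. filename)
    count = 0
end

function log(args)
    -- Addresses come back as printable strings, so no hex decoding
    -- of the raw packet is needed.
    local ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
    -- In a script that sets needs["type"] = "packet" instead,
    -- SCPacketTuple() returns the same six values for the current packet.

    local host = HttpGetRequestHost() or "<no host>"  -- nil when no Host header was seen
    local ts = SCPacketTimeString()

    file:write(string.format("%s IPv%d %s:%d -> %s:%d host=%s\n",
                             ts, ipver, srcip, sp, dstip, dp, host))
    file:flush()
    count = count + 1
end

-- Report a total and close the file at shutdown.
function deinit(args)
    SCLogInfo("HTTP transactions logged: " .. count)
    file:close()
end
```

To load it, list the script under the `lua` entry of the `outputs` section in `suricata.yaml` and enable that output.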