Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Loosing alerts with 1.8.1-beta5 (was: Linux and packet loss

From: Andreas Östling <andreaso () it su se>
Date: Fri, 3 Aug 2001 01:01:28 +0200 (CEST)

On Fri, 3 Aug 2001, Jason Haar wrote:
...

tcpdump running on the snort host picked up the port 80 packets (tcpdump -s
65000 -w tcpdump.log - then ran ethereal over it - saw the content). Snort
didn't catch it. This was with a snort-1.8.1-beta5 that had been running for
3 days.

...

Anything else I can do to find the fault?

...

You could try different combinations/versions of the preprocessors.
Perhaps disable all of them and then enable one by one and see if
something happens.

/Andreas


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: