Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Increasing Packet

From: "Wirth, Jeff" <WirthJe () DNB com>
Date: Fri, 22 Mar 2002 10:35:36 -0500
the packet is captured and reported in the payload. 
Is there any way to increase this size in Snort?


I guess you are referring to the "snaplen" that snort uses.  By default
snort uses 1514 as it's snaplen when snorting data.  So I guess the question
is "what media are you snorting on?".  1514 would be sufficient for ethernet
(or any media with a MTU less then 1500). What you may be seeing is a
payload from source with a small MTU, ie dial-up user, where the entire
payload is split between multiple packets.

# man snort

- P snap-length

Hope this helps...

- Jeff

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: