Snort mailing list archives
Re: session log
From: Chris Green <cmg () sourcefire com>
Date: Mon, 08 Apr 2002 14:56:23 -0400
Peng Yong <ppyy () staff cn99 com> writes:
when i log smtp session with snort 1.8.5, will it handle TCP retransmision and fragment correctly?
Log rules log everything so if you are using binary log files, its up to your tool to reassemble them correctly. FYI, ethereal's view session is pretty brute forceish and doesn't necessarily show you the same thing the session will see. -- Chris Green <cmg () sourcefire com> This is my signature. There are many like it but this one is mine. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- session log Peng Yong (Apr 07)
- Re: session log Chris Green (Apr 08)