Re: snort behind TAP & asynchronous_link

[Chris Green <cmg () sourcefire com>]

"Ian Macdonald" <secsnort () dirk demon co uk> writes:

> I think the problem is that you are only seeing one side of the
> conversation. Copper taps generally split the taped data into send and
> receive wires, So Tap A is one direction of the traffic and Tap B is the
> other.

That is the problem from snort with basic preprocessor stream
reassembly mode.  asychronous_link is to work around that and
reassemble as well as it can.
-- 
Chris Green <cmg () sourcefire com>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx


-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users