Snort mailing list archives

RE: Tagged Packet

From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Tue, 28 Sep 2004 15:14:10 -0400

tagged packets... look for a rule with the keyword "tag:" in it.
usually tagged sessions are important.  tagged sessions are especially
helpful if you are logging in binary mode, you can reconstruct the
session.
 
J

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Rowland,
Krisa W ERDC-ITL-MS Contractor
Sent: Tuesday, September 28, 2004 11:45 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Tagged Packet



I am suddenly getting all these Tagged Packet alerts.  Seems like I
turned this off before - can someone remind me how to do this?

Current thread:

Tagged Packet Rowland, Krisa W ERDC-ITL-MS Contractor (Sep 28)
- Re: Tagged Packet Dirk Geschke (Sep 28)
- <Possible follow-ups>
- RE: Tagged Packet Esler, Joel - Contractor (Sep 28)