Snort mailing list archives
RE: Tagged Packet
From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Tue, 28 Sep 2004 15:14:10 -0400
tagged packets... look for a rule with the keyword "tag:" in it. usually tagged sessions are important. tagged sessions are especially helpful if you are logging in binary mode, you can reconstruct the session. J -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Rowland, Krisa W ERDC-ITL-MS Contractor Sent: Tuesday, September 28, 2004 11:45 AM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] Tagged Packet I am suddenly getting all these Tagged Packet alerts. Seems like I turned this off before - can someone remind me how to do this?
Current thread:
- Tagged Packet Rowland, Krisa W ERDC-ITL-MS Contractor (Sep 28)
- Re: Tagged Packet Dirk Geschke (Sep 28)
- <Possible follow-ups>
- RE: Tagged Packet Esler, Joel - Contractor (Sep 28)