Snort mailing list archives
Re: I don't get any alerts when reading from file.
From: <dimopoulos () mhl tuc gr>
Date: Wed, 4 Aug 2004 12:46:32 +0300 (EEST)
You are absolutely right! I could kiss you! Hell, I'm so happy I could kiss everybody!!!That was exactly the problem. The packets I was generating had all checksums set to 0, because when I was reading the various protocols each said that a checksum of 0 means that no checksum is generated. It never occured to me that snort might reject such packets.Thanks a bunch to everyone! You've been great help!
Do the packets that you created have the correct checksums - IP, and tcp/udp/icmp? If the checksums are not correct, you may not get alerts. It looks like there is a configure option : config checksum_mode : none that will turn off validating checksums. Judy
------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- I don't get any alerts when reading from file. dimopoulos (Jul 30)
- Re: I don't get any alerts when reading from file. sekure (Jul 30)
- <Possible follow-ups>
- Re: I don't get any alerts when reading from file. dimopoulos (Aug 02)
- Re: Re: I don't get any alerts when reading from file. Martin Roesch (Aug 02)
- Re: Re: I don't get any alerts when reading from file. dimopoulos (Aug 03)
- Re: Re: I don't get any alerts when reading from file. Martin Roesch (Aug 02)
- Re: I don't get any alerts when reading from file. dimopoulos (Aug 04)