Snort mailing list archives

Re: catching some alerts, but NOT consistent


From: "Casiano, Jason (Sys Admin)" <casiano () ufl edu>
Date: Sun, 16 Sep 2007 22:38:41 -0400

I should add that piping -i2 -v into find "3389" will detect the connection traffic. It's strange, and I cannot get Snort
to alert for the life of me.

-----Original Message-----
From: Jason Brvenik [mailto:jasonb () sourcefire com] 
Sent: Sunday, September 16, 2007 8:44 PM
To: Casiano, Jason (Sys Admin)
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] catching some alerts, but NOT consistent



Casiano, Jason (Sys Admin) wrote:


broadcom BCM5708C

Winsrv2k3 wsp2

Winpcap 401

Snort exec= -cc:\snort\etc\snort.conf -ld:\logs\snort -Kascii -i2

 

I'm using a terminal service request alert to verify Snort functionality
on my servers, however I've got a couple using the Broadcom BCM5708C
NetXtreme 2 adapters that don't seem to report on a term server request,
however ICMP requests report just dandy.

Any ideas? I truly would like to iron this out, I've been pulling my hair
out for 3 weeks now.

 

My first guess because of ICMP / Non ICMP is going to be checksum
issues. What happens when you run snort adding -k none?
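
Added example, not part of the original thread: a Python sketch of the check behind the checksum guess above. It verifies the TCP checksum of IPv4 packets and models, in simplified form, a sensor that never passes a packet with a failing checksum to its rules unless checksum verification is turned off, as `-k none` does. The packets, addresses and all function names are constructed for illustration and are not Snort's code.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum_valid(ip_packet: bytes) -> bool:
    """True if the TCP checksum of an IPv4/TCP packet verifies."""
    ihl = (ip_packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    segment = ip_packet[ihl:total_len]
    # Pseudo-header: source, destination, zero, protocol 6, TCP length.
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    # With the checksum field left in place, a valid segment sums to 0xFFFF.
    return ones_complement_sum(pseudo + segment) == 0xFFFF

def build_syn(src, dst, sport, dport, fill_checksum=True) -> bytes:
    """Constructed sample: minimal IPv4 + TCP SYN, no options, no payload."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 8192, 0, 0)
    addrs = socket.inet_aton(src) + socket.inet_aton(dst)
    if fill_checksum:
        pseudo = addrs + struct.pack("!BBH", 0, 6, len(tcp))
        csum = ~ones_complement_sum(pseudo + tcp) & 0xFFFF
        tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    # The IP header checksum is left at zero; this example only checks TCP.
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0) + addrs
    return ip + tcp

def inspected_rdp_packets(packets, checksum_mode="all"):
    """Simplified sensor model (an assumption, not Snort's implementation):
    in mode 'all' a packet failing TCP checksum verification never reaches
    the rules; in mode 'none' every packet does."""
    hits = []
    for pkt in packets:
        ihl = (pkt[0] & 0x0F) * 4
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        if dport == 3389 and (checksum_mode == "none" or tcp_checksum_valid(pkt)):
            hits.append(pkt)
    return hits

# Constructed packets: one with a correct checksum, one with the field left
# unfilled, as a capture can show when the checksum is not computed in software.
SAMPLE = [build_syn("192.0.2.10", "192.0.2.20", 49152, 3389, True),
          build_syn("192.0.2.10", "192.0.2.20", 49153, 3389, False)]
```

Both sample packets contain port 3389 and would show up in a text search of a packet dump, but only the one with a valid checksum reaches the rules in the default mode.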
