Snort mailing list archives
Re: snort is logging alerts but not capturing corresponding packets for some rules
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 27 Apr 2011 14:46:37 -0400
No. They are in unified.

On Wed, Apr 27, 2011 at 2:02 PM, waldo kitty <wkitty42 () windstream net> wrote:

> On 4/26/2011 14:57, Joel Esler wrote:
>> No, it's my fault, I should have recognized the problem. Alerts that are not based off of the pseudo packet are logged to tcpdump. The pseudo packet is created by stream5 internal to Snort to be able to fire on stream reassembled traffic (such as this). It's only externally logged via unified.
>
> so... we don't get a pcap of the packets used in the reassembly so that we can snoop the actual traffic?? if so, that doesn't seem right... we get pcaps for all the other alerts but just not for ones reassembled... am i understanding that correctly?
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
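The point of the exchange above is that a stream5 pseudo packet never reaches the log_tcpdump output, so the only place to recover the reassembled bytes is the unified2 spool. The following is an added example, not code from the thread or from the Snort project: a minimal reader that walks a unified2 file, pairs each UNIFIED2_PACKET record with its UNIFIED2_IDS_EVENT by (sensor_id, event_id, event_second), and writes the packet bytes out as a classic pcap for inspection. It assumes the record layouts as documented for Snort 2.x unified2 (type 7 events are 52 bytes, type 2 packet records carry a 28-byte header before the packet data); the sample spool in build_sample() is constructed, not captured from a sensor.

```python
import struct

# Record type codes from Snort's unified2 format (assumption: Snort 2.x documented values).
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7

# Serial_Unified2IDSEvent_legacy: 11 x uint32, 2 x uint16, 4 x uint8 = 52 bytes, big-endian.
EVENT_FMT = ">IIIIIIIIIIIHHBBBB"
EVENT_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
                "signature_id", "generator_id", "signature_revision",
                "classification_id", "priority_id", "ip_source", "ip_destination",
                "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked")

# Serial_Unified2Packet header: 7 x uint32 = 28 bytes, followed by packet_length bytes of data.
PACKET_FMT = ">IIIIIII"
PACKET_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second",
                 "packet_microsecond", "linktype", "packet_length")


def read_records(data):
    """Split a unified2 byte stream into (type, body) tuples.

    Every record starts with a big-endian (type, length) header. A trailing record
    shorter than its declared length is treated as still being written and skipped.
    """
    records = []
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from(">II", data, off)
        body = data[off + 8:off + 8 + rlen]
        if len(body) != rlen:
            break
        records.append((rtype, body))
        off += 8 + rlen
    return records


def parse_event(body):
    return dict(zip(EVENT_FIELDS, struct.unpack_from(EVENT_FMT, body, 0)))


def parse_packet(body):
    hdr = dict(zip(PACKET_FIELDS, struct.unpack_from(PACKET_FMT, body, 0)))
    hdr["data"] = body[28:28 + hdr["packet_length"]]
    return hdr


def pair_packets(records):
    """Group packet records under the event they belong to.

    Returns {(sensor_id, event_id, event_second): (event_dict_or_None, [packet, ...])}.
    A pseudo packet from stream5 shows up here exactly like a wire packet.
    """
    events = {}
    for rtype, body in records:
        if rtype == UNIFIED2_IDS_EVENT:
            ev = parse_event(body)
            events.setdefault((ev["sensor_id"], ev["event_id"], ev["event_second"]), [None, []])[0] = ev
        elif rtype == UNIFIED2_PACKET:
            pk = parse_packet(body)
            events.setdefault((pk["sensor_id"], pk["event_id"], pk["event_second"]), [None, []])[1].append(pk)
    return {k: (v[0], v[1]) for k, v in events.items()}


def to_pcap(packets, linktype):
    """Serialise packet records as a little-endian classic pcap (magic 0xa1b2c3d4)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for pk in packets:
        n = len(pk["data"])
        out += struct.pack("<IIII", pk["packet_second"], pk["packet_microsecond"], n, n)
        out += pk["data"]
    return out


def build_sample():
    """Constructed two-record spool: one IDS event and the packet that triggered it."""
    ev = struct.pack(EVENT_FMT, 0, 7, 1303927357, 123456, 1000001, 1, 1, 3, 2,
                     0x0A000001, 0x0A000002, 40000, 80, 6, 0, 0, 0)
    # Constructed Ethernet-looking frame (linktype 1) with a text payload, not a real capture.
    frame = b"\xff" * 6 + b"\x00" * 6 + b"\x08\x00" + b"GET / HTTP/1.0\r\n"
    pk = struct.pack(PACKET_FMT, 0, 7, 1303927357, 1303927357, 123456, 1, len(frame)) + frame
    return (struct.pack(">II", UNIFIED2_IDS_EVENT, len(ev)) + ev
            + struct.pack(">II", UNIFIED2_PACKET, len(pk)) + pk)


if __name__ == "__main__":
    paired = pair_packets(read_records(build_sample()))
    for key, (ev, pkts) in paired.items():
        sid = ev["signature_id"] if ev else "?"
        print(f"event {key}: sid={sid} packets={len(pkts)}")
        with open(f"event_{key[1]}.pcap", "wb") as fh:
            fh.write(to_pcap(pkts, pkts[0]["linktype"]))
```

To use it on a real sensor, replace build_sample() with the bytes of a snort.u2.<timestamp> file; the resulting pcap is ordinary enough for tcpdump or Wireshark, which is the practical way to see what stream5 reassembled before the rule fired.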
Current thread:
- Re: snort is logging alerts but not capturing corresponding packets for some rules Lay, James (Apr 25)
- Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 25)
- Re: snort is logging alerts but not capturing corresponding packets for some rules James Lay (Apr 25)
- Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 25)
- Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 26)
- Re: snort is logging alerts but not capturing corresponding packets for some rules James Lay (Apr 25)
- Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 25)
- Message not available
- Message not available
- Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 26)
- Re: snort is logging alerts but not capturing corresponding packets for some rules Lay, James (Apr 26)
- Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 26)
- Re: snort is logging alerts but not capturing corresponding packets for some rules Lay, James (Apr 26)
- Re: snort is logging alerts but not capturing corresponding packets for some rules waldo kitty (Apr 27)
- Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 27)
- Message not available
- Re: snort is logging alerts but not capturing corresponding packets for some rules Agustin Roca (May 01)
- Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 26)
- Re: snort is logging alerts but not capturing corresponding packets for some rules Kumar, Mahendra (Apr 26)
- Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 26)
- Re: snort is logging alerts but not capturing corresponding packets for some rules Jason Brvenik (May 01)