Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: libpcap mmap issues on Snort

From: Anand Raj Manickam <anandrm () gmail com>
Date: Mon, 11 Aug 2014 21:49:09 +0530
Any Suggestions ?

On Fri, Aug 8, 2014 at 12:42 PM, Anand Raj Manickam <anandrm () gmail com> wrote:

Hi,
This is a followup to the email thread - http://seclists.org/snort/2014/q3/547
I m running Snort on Mirror/SPAN port .
I have been facing a issue where the packets got internal
fragmentation / split on libpcap due which snort was failing to
Inspect packets.
When "HAVE_PACKET_RING" code was disabled in libpcap and rebuild ,
Snort was able to Inspect packets right.
But the issue post this was , i was able to run only one flow /
connection . Beyond a single connection , i was not able to interrupt
the snort process (Ctrl + C) fails to summarize the reports .

Thanks,


------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: