Snort mailing list archives

Re: Snort Inline with TCP Connection

From: Navdeep Uniyal <Navdeep.Uniyal () neclab eu>
Date: Mon, 24 Jul 2017 14:09:03 +0000

+snort-devel list

From: Navdeep Uniyal
Sent: Montag, 24. Juli 2017 15:57
To: 'Snort-users () lists sourceforge net'; 'Al Lewis (allewi)'
Subject: RE: [Snort-devel] Snort Inline with TCP Connection

Hi Everyone,

Could someone please help me with this issue.

Best Regards,
Navdeep

From: Navdeep Uniyal
Sent: Freitag, 21. Juli 2017 09:29
To: 'Al Lewis (allewi)'; Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Subject: RE: [Snort-devel] Snort Inline with TCP Connection

I am using this command:
src/snort -A console -Q -c snort.conf -i eth1:eth2

whereas my snort.conf file contains:

#include /home/ubuntu/SNORT/ip.rules

config daq: afpacket
config daq_mode: inline

preprocessor normalize_ip4
config min_ttl: 60
config new_ttl: 60

The issue is only with tcp connections. Ping works fine.

Regards,
Navdeep

From: Al Lewis (allewi) [mailto:allewi () cisco com]
Sent: Donnerstag, 20. Juli 2017 17:37
To: Navdeep Uniyal; Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Subject: Re: [Snort-devel] Snort Inline with TCP Connection

How are you running snort inline? (what command are you starting snort with)

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com<mailto:allewi () cisco com>

From: Snort-devel <snort-devel-bounces () lists snort org<mailto:snort-devel-bounces () lists snort org>> on behalf of 
Navdeep Uniyal <Navdeep.Uniyal () neclab eu<mailto:Navdeep.Uniyal () neclab eu>>
Date: Thursday, July 20, 2017 at 11:18 AM
To: "snort-devel () lists snort org<mailto:snort-devel () lists snort org>" <snort-devel () lists snort 
org<mailto:snort-devel () lists snort org>>, 'snort-users' <Snort-users () lists sourceforge net<mailto:Snort-users () 
lists sourceforge net>>
Subject: [Snort-devel] Snort Inline with TCP Connection

Hello guys,

I am trying to set up snort inline while on one end of snort is my TCP server running. The other port is connected to 
another machine. While ping works between those, there are issues with tcp sonnection.

TCP is getting Spurious retransmission. The issue is not with the server as it works without snort perfectly well. 
Also, using TCP dump I could see the response ACK being  received from receiver to sender.

Please if someone could help setting up this connection.

Best Regards,
Navdeep

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Snort Inline with TCP Connection Navdeep Uniyal (Jul 20)
- <Possible follow-ups>
- Re: Snort Inline with TCP Connection Navdeep Uniyal (Jul 24)