Snort mailing list archives

Fw: Non-Determinism in Snort detection engine

From: "Asad, Hafiz ul" <Hafiz-ul.Asad () city ac uk>
Date: Fri, 7 Jul 2017 11:11:15 +0000

________________________________
From: Asad, Hafiz ul
Sent: Thursday, July 6, 2017 5:50 PM
To: snort-users () lists sourceforge net
Subject: Non-Determinism in Snort detection engine

Snort team,

I have recently observed that snort, having same rules (Pre-processor rules to be precise), have generated different 
number of alerts for the same pcap traffic when run twice. Is there any non-determinism in the snort engine or I might 
have done something wrong with the experiment?

regards

Asad

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Fw: Non-Determinism in Snort detection engine Asad, Hafiz ul (Jul 07)
- Re: Non-Determinism in Snort detection engine Asad, Hafiz ul (Jul 07)
  - Re: Non-Determinism in Snort detection engine Edward Borgoyn (Jul 07)
    - Re: Non-Determinism in Snort detection engine Asad, Hafiz ul (Jul 07)
    - Re: Non-Determinism in Snort detection engine Edward Borgoyn (Jul 07)
    - Re: Non-Determinism in Snort detection engine Asad, Hafiz ul (Jul 07)
    - Re: Non-Determinism in Snort detection engine Russ via Snort-users (Jul 07)
    - Re: Non-Determinism in Snort detection engine Asad, Hafiz ul (Jul 07)
    - Re: Non-Determinism in Snort detection engine Russ via Snort-users (Jul 07)
    - Re: Non-Determinism in Snort detection engine Asad, Hafiz ul (Jul 07)
    - Re: Non-Determinism in Snort detection engine Al Lewis (allewi) via Snort-users (Jul 07)

(Thread continues...)