Snort mailing list archives
trace files filling with ICMP
From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Wed, 26 Dec 2001 18:13:11 -0500
Hello, I have Snort 1.8 running on Red Hat Linux 7.0. I just downloaded the latest Snort rules and also installed the latest snort.conf from the archive. My trace files are huge (700 meg) and looking in them I see a lot of traces like below, though my reports aren't showing any ICMP stuff. For some reason the trace feature is gathering all ICMP traffic and it's making the logs unmanageable. Anyone know how to get rid of this? Thanks!

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
12/23-00:16:14.370558 10.10.10.10 -> 200.200.200.200
ICMP TTL:254 TOS:0x0 ID:12291 IpLen:20 DgmLen:28
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................