Snort mailing list archives

Re: session log

From: Chris Green <cmg () sourcefire com>
Date: Mon, 08 Apr 2002 14:56:23 -0400

Peng Yong <ppyy () staff cn99 com> writes:

when i log smtp session with snort 1.8.5, will it handle TCP
retransmision and fragment correctly?


Log rules log everything so if you are using binary log files, its up
to your tool to reassemble them correctly.

FYI, ethereal's view session is pretty brute forceish and doesn't
necessarily show you the same thing the session will see.
-- 
Chris Green <cmg () sourcefire com>
This is my signature. There are many like it but this one is mine.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

session log Peng Yong (Apr 07)
- Re: session log Chris Green (Apr 08)