Snort mailing list archives

snort tcp session reassembly


From: "gupta_sonali" <gupta_sonali () indiatimes com>
Date: Tue, 04 Mar 2003 13:02:35 +0530

Hello, 
I am using snort 1.8.7 to log packets from a TCP dump. In the conf file I specify the following rule:
log tcp any any <> any any (session: binary;)
This is placing all packets with the same source and destination port combination into a single file, but the 
packets are in the order in which they were captured, which is not the actual sequence of packets.

Is there any way to make snort arrange the packets in proper sequence based on their TCP sequence nos., as "Follow TCP 
Stream" in Ethereal does, so that the packets are obtained in the proper order in which they should be, not in the 
order in which they arrived?

P.S. I tried the stream4 preprocessor, but that did not work for this.


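The ordering asked about above, sketched as an added example that is not part of the original message and is not Snort or Ethereal code: it places each captured segment of one direction of a TCP connection by its sequence number, drops retransmitted bytes, and reports holes. The names `reassemble`, `ISN` and `CAPTURED` are hypothetical and the sample segments are constructed; it assumes the initial sequence number is known from the SYN and that the flow carries less than 4 GiB.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def reassemble(isn, segments):
    """Return (stream_bytes, gaps) for one direction of a TCP connection.

    isn      -- initial sequence number from this direction's SYN
    segments -- iterable of (seq, payload) tuples in capture order
    gaps     -- list of (stream_offset, missing_byte_count) for data not captured
    """
    # The SYN consumes one sequence number, so the first data byte carries
    # isn + 1. Taking the difference modulo 2**32 keeps the order correct
    # when the sequence number wraps past 0xFFFFFFFF.
    ordered = sorted(
        (((seq - isn - 1) % MOD, data) for seq, data in segments if data),
        key=lambda item: item[0],  # stable: ties keep capture order
    )
    stream, gaps, next_off = bytearray(), [], 0
    for offset, data in ordered:
        if offset > next_off:  # hole: a segment is missing from the capture
            gaps.append((next_off, offset - next_off))
            next_off = offset
        # Retransmission or overlap: keep the bytes already placed and take
        # only the part of this segment that extends the stream.
        data = data[next_off - offset:]
        stream += data
        next_off += len(data)
    return bytes(stream), gaps


# Constructed sample: capture order differs from sequence order, the
# sequence number wraps, and two segments repeat data already sent.
ISN = 0xFFFFFFF0
CAPTURED = [
    (0x00000005, b"/1.0\r\n\r\n"),  # last segment, seen first
    (0xFFFFFFF1, b"GET /index"),
    (0xFFFFFFFB, b".html HTTP"),
    (0xFFFFFFF1, b"GET /index"),    # exact retransmission
    (0xFFFFFFF6, b"index.htm"),     # overlaps two earlier segments
]

if __name__ == "__main__":
    payload, holes = reassemble(ISN, CAPTURED)
    print(payload, holes)
```
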




