Snort mailing list archives

Re: Re: Snort swapping src and dst in binary log?


From: Erek Adams <erek () snort org>
Date: Thu, 10 Jul 2003 09:07:55 -0400 (EDT)

On Wed, 9 Jul 2003, Tony Lill wrote:

I've seen it for quite a while, and it's not just in writing the
binary log files. I usually see http requests stitched into mail
streams. I even submitted a bug report. You'd think you'd see more
concern about a bug that renders all of snort's reports suspect.

[...snip...]

I am not a coder.  That said...

There is concern about the issue.  There is also a serious lack of data to
reproduce it.  Think of it as going to the auto shop and saying
"something's wrong" without being able to describe what you feel is wrong.

If you have data on this, _please_ submit it.  The best thing would be a
pcap of the packets from tcpdump with a 65535 snaplen and pcap from snort
with the switched packets.  If you (or anyone else) have that info, please
send it to the snort-devel list.  If you don't want to send your pcap info
to the world, please contact a team member privately with the info.

Thanks!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
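
One way to check a pair of captures like the ones requested above before sending them in, as an added example that is not part of the original message or of Snort's code: it pairs IPv4 packets from a reference tcpdump capture with those in a Snort binary log by IP ID, protocol, total length and unordered address pair, and reports packets whose source and destination are reversed. The matching heuristic, the function names and the sample packets are assumptions constructed for illustration; only classic pcap files with Ethernet framing are handled.

```python
import socket
import struct

def frame(src, dst, ip_id, payload):
    """Constructed Ethernet + IPv4 frame for the sample data (checksum left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + payload

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file image, link type Ethernet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def read_ipv4(pcap):
    """Yield (key, (src, dst)) per IPv4 packet; the key ignores packet direction."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type handled")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # skip non-IPv4 or truncated frames
        total_len, ip_id = struct.unpack("!HH", pkt[16:20])
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        yield (ip_id, pkt[23], total_len, frozenset((src, dst))), (src, dst)

def find_swapped(reference, suspect):
    """Return (ip_id, direction) for suspect packets reversed relative to the reference."""
    seen = {}
    for key, direction in read_ipv4(reference):
        seen.setdefault(key, set()).add(direction)
    return [(key[0], d) for key, d in read_ipv4(suspect)
            if key in seen and d not in seen[key] and d[::-1] in seen[key]]

# Constructed sample: the same two packets in both captures, the second reversed in "SNORT".
TCPDUMP = build_pcap([frame("10.0.0.5", "10.0.0.9", 1, b"GET /"),
                      frame("10.0.0.9", "10.0.0.5", 2, b"HTTP/1.1 200")])
SNORT = build_pcap([frame("10.0.0.5", "10.0.0.9", 1, b"GET /"),
                    frame("10.0.0.5", "10.0.0.9", 2, b"HTTP/1.1 200")])
print(find_swapped(TCPDUMP, SNORT))
```

IP IDs wrap and can repeat, so a hit is a pointer to packets worth inspecting by hand in both files, not proof on its own.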

