Snort mailing list archives
Re: Help!! Problem testing Snort
From: <ravivsn () roc co in>
Date: Mon, 9 Feb 2004 19:53:05 +0530 (IST)
What are you expecting from snort ;) to generate false positives :)

Snort current version is now improved to the version which generated false positives. Snort would have generated BAD-traffic because maybe Stick is generating malformed packets.

Hmm, I understood your English :) It's not bad.

Cheers,
-Ravi
Rendezvous On Chip (I) Pvt Ltd
http://www.rocsys.com

Hi! Please I need help!!

I'm testing Snort with Stick. I run Stick with Snort signatures, but Snort doesn't detect them as I expected. I only get a lot of identical alerts like this:

    snort_decoder: Invalid UDP header, length field <8
    snort_decoder:Unknown Datagram Decoding Problem

I get an important number of discarded packets too, but I don't understand what this exactly means and if there is any relation.

I'm really worried because I'm not sure if the detection engine is running well regarding signature detection. Most of the time, Snort sends preprocessor messages (alerts) except some ICMP or BAD-TRAFFIC rule alerts. It seems strange, doesn't it?

    Snort analyzed 3010 out of 3010 packets, dropping 0(0.000%) packets

    Breakdown by protocol:                Action Stats:
        TCP: 2122       (70.498%)         ALERTS: 368
        UDP: 238        (7.907%)          LOGGED: 736
       ICMP: 622        (20.664%)         PASSED: 0
        ARP: 16         (0.532%)
      EAPOL: 0          (0.000%)
       IPv6: 0          (0.000%)
        IPX: 0          (0.000%)
      OTHER: 0          (0.000%)
    DISCARD: 250        (8.306%)

I'm sorry if my English is difficult to understand!!

Cheers!!
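The first decoder alert quoted in the thread refers to the 16-bit length field of the UDP header, which counts header plus payload and so can never legitimately be below 8. The sketch below is an added example, not part of the original messages and not Snort's own code; the function names, result strings and sample datagrams are constructed for illustration.

```python
import struct
from collections import Counter

UDP_HEADER_LEN = 8  # source port, destination port, length, checksum: 2 bytes each


def check_udp(datagram: bytes) -> str:
    """Classify a raw UDP datagram (header + payload) by its length field."""
    if len(datagram) < UDP_HEADER_LEN:
        return "truncated header"
    _sport, _dport, length, _cksum = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN:
        # The condition named in the quoted alert: the length field cannot even
        # cover the header itself, so the payload boundary is undefined.
        return "invalid length field (< 8)"
    if length > len(datagram):
        return "length field exceeds available data"
    return "ok"


def build_udp(sport: int, dport: int, payload: bytes, length=None) -> bytes:
    """Build a UDP datagram; `length` overrides the correct value (checksum left 0)."""
    if length is None:
        length = UDP_HEADER_LEN + len(payload)
    return struct.pack("!HHHH", sport, dport, length, 0) + payload


def summarize(datagrams) -> Counter:
    """Count how many datagrams fall into each class."""
    return Counter(check_udp(d) for d in datagrams)


# Constructed sample datagrams (not taken from Stick or from any capture).
SAMPLES = [
    build_udp(1234, 53, b"well-formed"),            # correct length field
    build_udp(1234, 53, b"payload", length=4),      # length field < 8
    build_udp(1234, 53, b"payload", length=0),      # length field < 8
    build_udp(1234, 53, b"short", length=200),      # claims more than is present
    b"\x04\xd2\x00\x35",                            # only 4 bytes: no full header
]

if __name__ == "__main__":
    for verdict, count in summarize(SAMPLES).items():
        print(f"{count:2d}  {verdict}")
```

A datagram that fails these checks has no reliable port or payload boundary, so content checks that depend on those fields have nothing well-defined to inspect.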
Current thread:
- Help!! Problem testing Snort Gema de Toro Sánchez (Feb 09)
- Re: Help!! Problem testing Snort ravivsn (Feb 09)