Snort mailing list archives
Re: snort-2.6 appears to be only seeing half the packets?
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Tue, 13 Jun 2006 09:44:04 +1200
Justin Heath wrote:
Jason, Are you using the smtp preprocessor in 2.6?
Good point! Yes, I did have the "dynamicpreprocessor directory ..." defined when running 2.6 However, turning it off made no difference. Actually, looks like there's more confusion. I myself compiled snort-2.6 under FC5, whereas the old 2.4 binary I was testing against was poached off a CentOS box. When I compiled 2.4.5 on the same FC5 box, it ALSO has the same problem... i.e. 2.4.5 and 2.6.0 under FC5 appears to not be able to "see" the entire TCP stream (UDP appears to be OK - well it would wouldn't it) and as such is screwing up. This is with libdnet-devel-1.10-2.fc5 and libnet10-1.0.2a-10.fc5 PS: I don't know if it matters, but this FC5 system is on a Pentium D - i.e. 64bit. However, I found the lack of third-party 64bit apps (and bugs!) too much to bare, so I'm running x86 FC5 on it instead of 64bit. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort-2.6 appears to be only seeing half the packets? Jason Haar (Jun 11)
- Re: snort-2.6 appears to be only seeing half the packets? Justin Heath (Jun 12)
- Re: snort-2.6 appears to be only seeing half the packets? Jason Haar (Jun 12)
- Re: snort-2.6 appears to be only seeing half the packets? Justin Heath (Jun 12)