Snort mailing list archives
Re: FATAL ERROR: Cannot check flow connection for non-TCP traffic
From: JJC <cummingsj () gmail com>
Date: Mon, 28 Jan 2008 13:47:33 -0500
Be sure that you are using the latest configuration file and don't modify the spp module section (other than modification to fit your environment)... see if it will start then. I have seen many people using the old original config file, there are lots of things missing that are new features etc... in the new snort.conf that is included with the most recent releases. JJC On Jan 28, 2008 1:14 PM, Nathaniel Richmond <nate+snort () richmond-family org> wrote:
If you're using stream4, either switch to stream5 or use "--enable-stream4udp" among your other options when configuring. I'm guessing the consensus would be to use stream5. Nate Security Admin (NetSec) wrote:I have googled for this error for a few months now (running latest 2.8.0.1) for a few weeks now, and have not found a reasonable solution to this problem. The cause appears to be in the udp rule set for just about every single udp rule across multiple rules sets. The solutions I have found thus far have been to either modify the specific rule (which could take forever depending on the # of udp rules I have to modify), disabling the udp rule (again time-consuming) or disabling the rule set entirely. I tried the third method, but with the amount of rulesets removed it left me with little to analyze. I suspect a better solution is around, so if anyone knows and can respond, much appreciated. FYI I am not running IpCop Best Regards, Edward Ray -- This mail was scanned by BitDefender For more informations please visit http://www.bitdefender.co-------------------------------------------------------------------------This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- flexresp2 breaks 2.8.0.1? Jason Haar (Jan 27)
- Re: flexresp2 breaks 2.8.0.1? James Lay (Jan 27)
- FATAL ERROR: Cannot check flow connection for non-TCP traffic Security Admin (NetSec) (Jan 28)
- Message not available
- Re: FATAL ERROR: Cannot check flow connection for non-TCP traffic Nathaniel Richmond (Jan 28)
- Re: FATAL ERROR: Cannot check flow connection for non-TCP traffic JJC (Jan 28)
- Re: flexresp2 breaks 2.8.0.1? James Lay (Jan 27)