Snort mailing list archives
Re: Stream5 reassembly
From: Parag Pote <pipsparag () yahoo com>
Date: Mon, 31 May 2010 05:04:23 -0700 (PDT)
Thanks Joel. But I guess since it is configure only for some specific ports it is not mandatory, right? Rgds, Parag --- On Mon, 5/31/10, Joel Esler <jesler () sourcefire com> wrote:
From: Joel Esler <jesler () sourcefire com> Subject: Re: [Snort-users] Stream5 reassembly To: "Parag Pote" <pipsparag () yahoo com> Cc: "Patrick Billings" <pbillings () sourcefire com>, "snort-users () lists sourceforge net" <snort-users () lists sourceforge net> Date: Monday, May 31, 2010, 7:31 AM This is something that is necessary for the proper intended operation of Snort, yes. -- Sent from my iPad Joel Esler 302-223-5974 Jabber:jesler () sourcefire com On May 31, 2010, at 7:09 AM, Parag Pote <pipsparag () yahoo com> wrote:Thanks patrick. But I didn't hear you saying if it is mandatory or canwe ignore it? Is it just an added feature?Parag --- On Mon, 5/31/10, Patrick Billings <pbillings () sourcefire com>wrote:From: Patrick Billings <pbillings () sourcefire com> Subject: Re: [Snort-users] Stream5 reassembly To: "Parag Pote" <pipsparag () yahoo com> Cc: snort-users () lists sourceforge net Date: Monday, May 31, 2010, 3:34 AM Hi- The ports option which can be configured as portsclient |server | both is needed to set which ports the preprocessorwillperform stream re-assembly on. For example, if you are wanting to re-assemble thetrafficto your webserver, then you would want to check for port80 forhttp(tcp) traffic but you may not care not be concernedabout theport the browser is using, as it will be a random port. The default setting is: ports client 21 2325 42 5380 110 111 135 136 137 139 143 445 513 514 1433 1521 24013306HTH, Patrick On Mon, May 31, 2010 at 1:31 PM, Parag Pote <pipsparag () yahoo com> wrote:Hi, What does ports (ports client and ports both)means instream5 preprocessor? Just had a glance at thecode and itsays it does reassembly when we configure thisoption. Justwanted to know is it mandatory to configure it oroptionalone? If we do not configure do we miss anyfunctionality?Rgds, Parag------------------------------------------------------------------------------_______________________________________________Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options orunsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------------------------------_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Stream5 reassembly Parag Pote (May 30)
- Re: Stream5 reassembly Patrick Billings (May 31)
- Re: Stream5 reassembly Parag Pote (May 31)
- Re: Stream5 reassembly Joel Esler (May 31)
- Re: Stream5 reassembly Parag Pote (May 31)
- Re: Stream5 reassembly Joel Esler (May 31)
- Re: Stream5 reassembly Parag Pote (Jun 01)
- Re: Stream5 reassembly Patrick Billings (Jun 01)
- Re: Stream5 reassembly Joel Esler (Jun 01)
- Re: Stream5 reassembly Parag Pote (May 31)
- Re: Stream5 reassembly Patrick Billings (May 31)