Snort mailing list archives
Re: snort inline timing out after about 65KB
From: Matt Olney <molney () sourcefire com>
Date: Tue, 24 May 2011 22:07:18 -0400
Time out seems a viable guess. One thing is that we now have require_3whs option on by default, which means when you timeout, you won't come back into stream because we'll never see the session setup. If you don't have this then you will see your session float in and out of stream state...you can check on how this is going using show_rebuilt_packets, which gives you a definitive look at what Snort thinks about the stream state. Just some late-night after work thoughts... On Tue, May 24, 2011 at 2:40 PM, beenph <beenph () gmail com> wrote:
Its a wild guess but mabey its the stream5 timeout option... timeout <num seconds> Session timeout. The default is ”30”, the minimum is ”1”, and the maximum is ”86400” (approximately 1 day). Arround page 43 in snort manual -elz On Tue, May 24, 2011 at 2:13 PM, Daniel Browning-Weber <weberdan () gmail com> wrote:I have an issue with Snort (both 2.8.6.1 and 2.9) in IPS mode. Snort stops processing packets after about 65,536 bytes have been sent out on a connection. Sometimes the connection will pause for 40-50 seconds and then resume. Other times the connection will never recover. I've seen this even with a totally blank snort config file. Is there some setting I need to change?------------------------------------------------------------------------------vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort inline timing out after about 65KB Daniel Browning-Weber (May 24)
- Re: snort inline timing out after about 65KB beenph (May 24)
- Re: snort inline timing out after about 65KB Matt Olney (May 24)
- Re: snort inline timing out after about 65KB beenph (May 24)