Snort mailing list archives

Re: What is this I see?


From: Joel Esler <jesler () sourcefire com>
Date: Tue, 11 Sep 2012 15:31:38 -0400

Looks like you might want to up your stream5 settings (memcap, etc).  Check out README.stream5 in the doc/ directory of 
your tarball.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Sep 11, 2012, at 12:10 AM, Pratik Narang <pratik.cse.bits () gmail com> wrote:

Can someone help me out? What is this that I see when Snort starts "commencing packet processing":

S5: Session exceeded configured max bytes to queue 1048576 using 1049442 bytes (server queue). 172.16.100.107 61937 
--> 180.190.148.148 80 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1126802 bytes (stale/timeout). 172.16.4.155 1087 --> 172.16.100.223 8014 
(0) : LWstate 0x9 LWFlags 0x65e007
S5: Session exceeded configured max bytes to queue 1048576 using 1049767 bytes (client queue). 172.16.5.144 1304 --> 
172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1125451 bytes (closed normally). 172.16.5.144 1304 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x60e007
S5: Pruned session from cache that was using 1124810 bytes (stale/timeout). 172.16.4.165 1040 --> 172.16.100.223 8014 
(0) : LWstate 0x9 LWFlags 0x616007
S5: Pruned session from cache that was using 1128510 bytes (stale/timeout). 172.16.105.13 1132 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x65e007
S5: Pruned session from cache that was using 1122890 bytes (stale/timeout). 172.16.4.166 1066 --> 172.16.100.223 8014 
(0) : LWstate 0x9 LWFlags 0x616007
S5: Pruned session from cache that was using 1127508 bytes (stale/timeout). 172.16.1.122 1039 --> 172.16.100.223 8014 
(0) : LWstate 0x9 LWFlags 0x65e007
S5: Session exceeded configured max bytes to queue 1048576 using 1048622 bytes (client queue). 172.16.100.231 60670 
--> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1126006 bytes (closed normally). 172.16.100.231 60670 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1048628 bytes (client queue). 172.16.100.231 65349 
--> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1144168 bytes (stale/timeout). 172.16.100.231 65349 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x616007
S5: Session exceeded configured max bytes to queue 1048576 using 1049249 bytes (client queue). 172.16.100.113 1743 
--> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1125953 bytes (closed normally). 172.16.100.113 1743 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1049060 bytes (client queue). 172.16.100.231 54741 
--> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1126376 bytes (stale/timeout). 172.16.100.231 54741 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x616007
S5: Session exceeded configured max bytes to queue 1048576 using 1049006 bytes (client queue). 172.16.100.231 57288 
--> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1126254 bytes (closed normally). 172.16.100.231 57288 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1048736 bytes (client queue). 172.16.100.231 58937 
--> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1146044 bytes (stale/timeout). 172.16.100.231 58937 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x616007
S5: Session exceeded configured max bytes to queue 1048576 using 1049374 bytes (client queue). 172.16.100.231 60610 
--> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1126486 bytes (stale/timeout). 172.16.100.231 60610 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x616007
S5: Session exceeded configured max bytes to queue 1048576 using 1048952 bytes (client queue). 172.16.100.231 62333 
--> 172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1126132 bytes (stale/timeout). 172.16.100.231 62333 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x616007
S5: Session exceeded configured max bytes to queue 1048576 using 1048946 bytes (client queue). 172.16.44.53 1312 --> 
172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Session exceeded configured max bytes to queue 1048576 using 1049107 bytes (client queue). 172.16.4.177 1116 --> 
172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Session exceeded configured max bytes to queue 1048576 using 1049195 bytes (client queue). 172.16.5.185 1089 --> 
172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1136895 bytes (closed normally). 172.16.4.177 1116 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x60e007
S5: Pruned session from cache that was using 1127327 bytes (closed normally). 172.16.5.185 1089 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1049205 bytes (client queue). 172.16.4.82 1048 --> 
172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1125501 bytes (closed normally). 172.16.4.82 1048 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1048732 bytes (client queue). 172.16.4.183 1083 --> 
172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Session exceeded configured max bytes to queue 1048576 using 1049149 bytes (client queue). 172.16.5.170 1133 --> 
172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1117965 bytes (closed normally). 172.16.5.170 1133 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1049751 bytes (client queue). 172.16.5.217 1063 --> 
172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1119179 bytes (closed normally). 172.16.5.217 1063 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x60e007
S5: Session exceeded configured max bytes to queue 1048576 using 1049466 bytes (client queue). 172.16.1.46 1101 --> 
172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1118010 bytes (closed normally). 172.16.1.46 1101 --> 172.16.100.223 
8014 (0) : LWstate 0x9 LWFlags 0x60e007
S5: Pruned session from cache that was using 1118986 bytes (stale/timeout). 172.16.44.53 1312 --> 172.16.100.223 8014 
(0) : LWstate 0x9 LWFlags 0x616007
S5: Session exceeded configured max bytes to queue 1048576 using 1049556 bytes (client queue). 172.16.2.25 1332 --> 
172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007


Thanks...
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
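
Added example (not part of the original thread and not Snort code): a short Python script that tallies the S5 messages quoted above per destination and queue side, so the affected service and the peak queue size are known before raising the stream5 settings. It rejoins records that mail wrapping split across lines; the sample input is three records copied from the post, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: three records copied from the post, line wraps included.
SAMPLE = """\
S5: Session exceeded configured max bytes to queue 1048576 using 1049442 bytes (server queue). 172.16.100.107 61937
--> 180.190.148.148 80 (0) : LWstate 0x9 LWFlags 0x406007
S5: Session exceeded configured max bytes to queue 1048576 using 1049767 bytes (client queue). 172.16.5.144 1304 -->
172.16.100.223 8014 (0) : LWstate 0x9 LWFlags 0x406007
S5: Pruned session from cache that was using 1125451 bytes (closed normally). 172.16.5.144 1304 --> 172.16.100.223
8014 (0) : LWstate 0x9 LWFlags 0x60e007
"""

ENDPOINTS = r"(\d+\.\d+\.\d+\.\d+) (\d+) --> (\d+\.\d+\.\d+\.\d+) (\d+)"
EXCEEDED = re.compile(
    r"Session exceeded configured max bytes to queue (\d+) "
    r"using (\d+) bytes \((client|server) queue\)\. " + ENDPOINTS)
PRUNED = re.compile(
    r"Pruned session from cache that was using (\d+) bytes \(([^)]+)\)\. " + ENDPOINTS)

def records(text):
    """Undo line wrapping, then split on the 'S5: ' prefix that starts each record."""
    flat = " ".join(text.split())
    return [r.strip() for r in flat.split("S5: ") if r.strip()]

def summarize(text):
    """Return (queue-limit hits per (dst, port, side), prune counts per reason)."""
    exceeded = defaultdict(lambda: {"count": 0, "limit": 0, "peak": 0})
    pruned = defaultdict(int)
    for rec in records(text):
        m = EXCEEDED.match(rec)
        if m:
            limit, used, side, _src, _sport, dst, dport = m.groups()
            entry = exceeded[(dst, int(dport), side)]
            entry["count"] += 1
            entry["limit"] = int(limit)          # configured cap reported by Snort
            entry["peak"] = max(entry["peak"], int(used))
            continue
        m = PRUNED.match(rec)
        if m:
            pruned[m.group(2)] += 1              # e.g. "stale/timeout", "closed normally"
    return dict(exceeded), dict(pruned)

if __name__ == "__main__":
    exceeded, pruned = summarize(SAMPLE)
    for (dst, dport, side), e in sorted(exceeded.items()):
        print(f"{dst}:{dport} {side} queue: {e['count']} hit(s), limit {e['limit']}, peak {e['peak']}")
    print("pruned:", pruned)
```

The reported limit of 1048576 matches the default of the stream5_tcp max_queued_bytes option documented in README.stream5.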