Snort mailing list archives

Re: Snort sfpreprocessor question


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Tue, 31 May 2016 05:22:15 +0000

Can you provide a conf and pcap of the traffic that is generating PROTO:255 alerts please?

Thanks

Albert Lewis
QA SNORT/Sourcefire
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Leo Nespoli [mailto:leo4b () hotmail it]
Sent: Monday, May 30, 2016 2:06 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort sfpreprocessor question

Hello,

Is it possible to change the protocol field generated by sfpreprocessor?

I have some logs with {PROTO:255}, and I'd like to change this field.

Thanks,

MaLeo.