Snort mailing list archives

IPS snort generating (DUP) packets

From: mehdi chourib <c_didoux () yahoo fr>
Date: Tue, 13 Dec 2016 12:53:36 +0000 (UTC)

Dear all, 

My current set up is the following: 

[machine 1] <=> [snort IPS] <=> [machine 2] 

When I activated IPS and pinged [machine 2] from [machine 1], I got (DUP)! packet (duplicated) although all packets 
reach sent from [machine1] have reached [machine2]. 

When snort IPS was disabled, no problem on pings at all. I assume that most probably my setup of snort is not optimal 
for IPS inline.

Can you please give me some advises? What are the requirements towards NIC for snort IPS inline mode.? 

Thank you very much.

Best Regards.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

IPS snort generating (DUP) packets mehdi chourib (Dec 13)