Snort mailing list archives

Re: UDP capture packet issue


From: "Al Lewis (allewi) via Snort-users" <snort-users () lists snort org>
Date: Sun, 8 Apr 2018 21:29:36 +0000

It will be pretty difficult to assist if you don’t provide:


  1.  How you started snort (meaning what flags used)
  2.  The pcap itself so someone can inspect and/or test it
  3.  (optional) The config file


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com

From: "rugg.vale () email it" <rugg.vale () email it>
Reply-To: "rugg.vale () email it" <rugg.vale () email it>
Date: Sunday, April 8, 2018 at 4:59 PM
To: "Al Lewis (allewi)" <allewi () cisco com>, "snort-users () lists snort org" <snort-users () lists snort org>
Subject: Re: [Snort-users] UDP capture packet issue

Hi Al,

The pcap file is from the MAWILab dataset, and the statistics don't show any discarded UDP packets. I started Snort in NIDS mode with the simple rule:

  alert udp any any -> any any (msg:"UDP packet"; sid:10002)

but the alert log doesn't show UDP packets either. Maybe I must change something in the config file?

Thank you for your answer.
Best regards

--------- Original Message --------
From: Al Lewis allewi
To: snort-users () lists snort org
Subject: Re: [Snort-users] UDP capture packet issue
Date: 08/04/18 22:19

> Can you provide the pcap?
>
> Does the snort exit stats show discarded packets?
>
> Does the pcap have bad checksums?
>
> How are you starting snort?
>
> Albert Lewis
> ENGINEER.SOFTWARE ENGINEERING
> Cisco Systems Inc.
> Email: allewi () cisco com
>
> From: Snort-users on behalf of "rugg.vale () email it"
> Reply-To: "rugg.vale () email it"
> Date: Sunday, April 8, 2018 at 3:30 PM
> To: "snort-users () lists snort org"
> Subject: [Snort-users] UDP capture packet issue
>
> Hi, I have a problem with UDP packets. I've read a pcap file with Snort, and the
> breakdown by protocol doesn't show any UDP packets; the same pcap file opened with
> Wireshark shows a lot of UDP packets. Could you please
> why I can't see the UDP packets with Snort? Thank you in advance for the help.
> Best regards