Snort mailing list archives

corrupted packet traces?


From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Fri, 17 Jan 2003 16:13:49 -0500

Hello,

I'm using Snort Version 1.9.0 (Build 209) on RH Linux 7.0. Stats on my
system show that NO packets are being dropped and all appears to be working
normally. I created a custom rule to check for an internal domain name,
which flagged a few hundred packets from web sessions. When I review the
packet traces with people here, we all seem to think the packet traces CAN'T
be valid web session packet traces. It almost appears as though the packet
traces show one particular packet, though it is actually two unrelated
packets lumped together or something (like information in the beginning of
the packet doesn't have any relation to info at the end of the packet). I
was wondering if anyone has seen such a thing before?

Thanks,

Paul Sheahan
Manager of Information Security
Priceline.com
paul.sheahan () priceline com



