Snort mailing list archives

Re: Snort Inline

From: Xavier Cabrera <xavierc () devilcrack org>
Date: Mon, 06 Jun 2005 17:54:29 -0500

This sample is for one second, A LOT OF PACKETS! at this point i goingto think there are some buffer full on iptables or there are to manypackets to snort can't process all... i don't know...


:(

Xavier C.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

06/06-18:47:29.428524 218.85.225.139:3420 -> x.x.x.x:80
TCP TTL:115 TOS:0x0 ID:27205 IpLen:20 DgmLen:48 DF
******S* Seq: 0xEB2B94D8  Ack: 0x0  Win: 0xFAF0  TcpLen: 28
TCP Options (4) => MSS: 1432 NOP NOP SackOK

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

===============================================================================

Snort processed 195 packets.
===============================================================================
Breakdown by protocol:

TCP: 195 (100.000%)


Will Metcalf wrote:

If you start snort with -v do you see your packets bound for port 80?

Regards,

Will


-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?

If you want to score the big prize, get to know the little guy.Play to win an NEC 61" plasma display: http://www.necitguy.com/?r_______________________________________________

Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users




-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?

If you want to score the big prize, get to know the little guy.Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Base Graphs... Narayan Sivaramakrishnan (Jun 06)
- Snort Inline Xavier Cabrera (Jun 06)
  - Re: Snort Inline Victor Julien (Jun 06)
    - Re: Snort Inline Xavier Cabrera (Jun 06)
    - Re: Snort Inline Will Metcalf (Jun 06)
    - Re: Snort Inline Xavier Cabrera (Jun 06)
    - Re: Snort Inline Will Metcalf (Jun 06)
    - Re: Snort Inline Xavier Cabrera (Jun 06)
  - Re: Snort Inline Matt Kettler (Jun 06)
- Re: Base Graphs... Dominik Gehl (Jun 06)
  - Re: Base Graphs... Joel Esler (Jun 07)
- <Possible follow-ups>
- RE: Base Graphs... Briggs, Bruce (Jun 07)