[Snort-devel] snort-1.9.0b6 and barnyard discrepancies

Andreas Hasenack andreas at ...836...
Thu Aug 22 14:04:01 EDT 2002


On Thu, Aug 22, 2002 at 04:12:57PM -0400, Chris Green wrote:
> If you have the TCPdump file, I'd appreciate seeing it ( and the
> alert it set off ).

It's a snippet from a many-MB tcpdump file, I'll try to get this part
out somehow.

> seen anyone isolate it down to an output method or test case.   If SQL
> is different from TCP dump output, that is as good a place as any to
> start debugging.

Actually, I just tried barnyard's ascii output and it's also different
from the tcpdump one, so it's not specific to sql output. Probably the
unified file was generated with it.




