[Snort-devel] snort-1.9.0b6 and barnyard discrepancies
andreas at ...836...
Thu Aug 22 15:52:03 EDT 2002
On Thu, Aug 22, 2002 at 06:02:59PM -0300, Andreas Hasenack wrote:
> Actually, I just tried barnyard's ascii output and it's also different
> from the tcpdump one, so it's not specific to sql output. Probably the
> unified file was generated with it.
Ok, here is what I have:
Both files representing the same capture.
Reading the tcpdump file with tcpdump itself doesn't show any anomalies.
Processing the unified file with barnyard gives different results:
- using output log_dump: ascii-barnyard-output.txt I get the txt file with
- using output log_pcap: tcpdump-barnyard-output.pcap generates a clean file,
with no anomalies