[Snort-devel] snort-1.9.0b6 and barnyard discrepancies

Andreas Hasenack andreas at ...836...
Thu Aug 22 15:52:03 EDT 2002


On Thu, Aug 22, 2002 at 06:02:59PM -0300, Andreas Hasenack wrote:
> Actually, I just tried barnyard's ascii output and it's also different
> from the tcpdump one, so it's not specific to sql output. Probably the
> unified file was generated with it.

Ok, here is what I have:
tcpdump file
unified file

Both files represent the same capture.

Reading the tcpdump file with tcpdump itself doesn't show any anomalies.

Processing the unified file with barnyard gives different results:
- using output log_dump: ascii-barnyard-output.txt I get the txt file with
  the anomalies
- using output log_pcap: tcpdump-barnyard-output.pcap generates a clean file,
  with no anomalies
