[Snort-devel] snort Preprocessor question

Simon Windows Simon.Windows at ...1387...
Thu May 23 00:31:02 EDT 2002


gday

I am trying to write a snort preprocessor but have run into a problem. The 
packets are not being delivered to thepreprocessor in the same order in 
which they are found in the tcpdump file from which snort is reading them.

It doesn't seem to affect all traffic - icmp doesn't seem to be affeted - 
but udp and tcp traffic do. for example, dns traffic will be out of order 
so that it appears that the dns server answers a request before it 
receives it.

No rules or other preprocessors are being invoked in the snort config 
file.

If anyone can tell me what I am doing wrong or shed some light on this 
situation I would really appreciate it.

-- 

  Simon Windows    _--_|\    Advanced Computer Capabilities Branch
  Tel 825-96568   /      \   Defence Science & Technology Organisation
  Fax 825-97110   \_.-*._/   POBox 1500 Edinburgh South Australia 5111
                        v
  IMPORTANT: This email remains the property of the Australian Defence
  Organisation and is subject to the jurisdiction of section 70 of the
  CRIMES ACT 1914.  If you have received this email in error, you are
  requested to contact the sender and delete the email.





More information about the Snort-devel mailing list