[Snort-devel] snort Preprocessor question
Simon.Windows at ...1387...
Thu May 23 00:31:02 EDT 2002
I am trying to write a snort preprocessor but have run into a problem. The
packets are not being delivered to the preprocessor in the same order in
which they are found in the tcpdump file from which snort is reading them.
It doesn't seem to affect all traffic - icmp doesn't seem to be affected -
but udp and tcp traffic do. For example, dns traffic will be out of order
so that it appears that the dns server answers a request before it
No rules or other preprocessors are being invoked in the snort config
If anyone can tell me what I am doing wrong or shed some light on this
situation I would really appreciate it.
Simon Windows _--_|\ Advanced Computer Capabilities Branch
Tel 825-96568 / \ Defence Science & Technology Organisation
Fax 825-97110 \_.-*._/ POBox 1500 Edinburgh South Australia 5111