[Snort-devel] snort and fragmentation

rmkml rmkml at ...1042...
Wed Mar 26 06:35:03 EST 2003


Hi All,

I receive this packet this morning : (join tcpdump file)

but snort not event frag packet,
(On this trace, not packet frag/end ..., and is strange snort event this
?)

why ?

Only this traffic on file, not other traffic with net 192.168.123.x.
(ok my box have edonkey client (p2p) linux on tcp port 4662)

but snort view frag packet :
========================
Fragmentation Stats:
Fragmented IP Packets: 2          (0.000%)
    Fragment Trackers: 1
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 0
  Frag2 memory faults: 0
=========================

Other nids Firestorm event this ...

I use snort 191b233.

Regard.

Conf snort frag :

No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0

PS: Sorry for my bad speak English
-------------- next part --------------
A non-text attachment was scrubbed...
Name: frag.tcpdump.gz
Type: application/x-gzip
Size: 154 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20030326/ec5b81a3/attachment.bin>


More information about the Snort-devel mailing list