[Snort-devel] 'established' with Snort 2.x on openbsd
cmg at ...81...
Fri Apr 2 06:59:05 EST 2004
Jon Hart <warchild at ...1775...> writes:
> So, I'm either going to hack xl(4) to disable the checksums or just swap
> to other cards in the system.
You can also turn off checksumming for snort. Even nicer would be to
modify to do that for only particular IPs ( since normally only 1
machine in your network is having that problem when it's the source of
If you are only doing read back analysis, netdude (netdude.sf.net)
contains a plugin that will fix checksums that works quite well.
Heck, if if you don't want to do that, that project deserves a
Chris Green <cmg at ...2257...>
More information about the Snort-devel