[Snort-devel] Content across multiple packets Not detected by Snort
easyeinfo at ...398...
Sun Apr 25 02:50:03 EDT 2004
>> Is the content being sent from the client side of
>>the connection, the one that initiated the stream
>>using a SYN?
>> Is it on one of the ports 25, 80, 3131?
More over I like to say to abhijit that my contents
are in two packets (not fragmented)
--- Jason <security at ...1585...> wrote:
> There are a few other things to consider as well
> depending on the case
> you are testing but I would look at this first. Is
> the content being
> sent from the client side of the connection, the one
> that initiated the
> stream using a SYN? Is it on one of the ports 25,
> 80, 3131? Your stream
> config is only reassembling streams from clients on
> the ports 25 80 3131
> Dennis George wrote:
> > Hi Abhijit,
> > I am not talking about packet fragmentation. I
> will give you a scenario.... When you send a huge
> data.. the data cannot be sent in a single packet
> but in multiple packets.... thus if your key word is
> splitted in two packets then snort is not detecting
> > frag2 is for fragmentation (a single packet
> splitted in many fragments)
> > And Sorry I didn't find anything like
> tcp_reassemble in snort.... I searched the internet
> > Is it supported in Snort 2.1.0 ?????
> > Thanks and Regards
> > Dennis
Do you Yahoo!?
Yahoo! Photos: High-quality 4x6 digital prints for 25¢
More information about the Snort-devel