[Snort-sigs] I think there's something wrong when snort tries to reassemble TCP stream
mkettler at ...189...
Mon Jul 21 09:14:27 EDT 2003
At 02:11 PM 7/21/2003 +0800, =?gb2312?B?1Pgg0KHBog==?= wrote:
> I think there's something wrong when snort tries to reassemble TCP
> stream in StoreStreamPkt() function in spp_stream4.c. In
> StoreStreamPkt(), if it finds out the packet we just receive
> is un-ack'd, then it looks for this packet in the tree like this:
Ok, I have to ask.. what do these posts have to do with signatures?
Snort-sigs has a subscriber base that is interested in analyzing packet
traces of worms, trojans and attack tools in order to write new snort
signatures to catch them. This has very little to do with how the internal
workings of stream4 are written. Perhaps this should be on snort-users or
In the future if you don't get a reply, I'd suggest trying to figure out
why rather than merely reposting the message.
More information about the Snort-sigs