[Snort-users] Time based oddity.

Fyodor fygrave at ...121...
Thu Oct 5 20:26:44 EDT 2000


~ :Lines 10-20:  Again the time isn't sequential.  
~ :
~ :
~ :Now I might be crazy, but that just doesn't seem 'normal/right'.  Questions,
~ :Comments and Suggestions are welcome!
~ :
~ :Has anyone else seen this?  Or have I managed to make a complete fool out of
~ :myself? 
~ :

The time which you see there is the time which has been placed into pcap
header field by libpcap which should state the time when packet was
captured off the wire. What I think could be a cause is that if you were
running defrag. preprocessor packets could be actually `delayed' before
they are delivered to the detection/logging level. I think this could
cause such time mess.. :) but all in all it looks pretty amusing :),
anyone else noticed such things? :)




More information about the Snort-users mailing list