[Snort-users] More on the Possible Mem leak
bmc at ...312...
Wed Apr 18 18:23:36 EDT 2001
Steve Halligan wrote:
> Apr 18 15:56:22 homefries snort: Snort received 1802179 packets
> Apr 18 15:56:22 homefries snort: TCP: 1828907 (101.001%)
> PS. 101.001% TCP? What up with that?
I have not looked at the code to be sure, but the most logicaly
explaination is that the streams preprocessor is injecting foobared
packets into the stream.
I have noticed it on openbsd (Havn't tested on other platforms) that
stream2 will pass on the original packets as well as the stream to the
rest of the engine. This would explain the additional packets that you
More information about the Snort-users