[Snort-users] More on the Possible Mem leak

Brian Caswell bmc at ...312...
Wed Apr 18 18:23:36 EDT 2001

Steve Halligan wrote:
> Apr 18 15:56:22 homefries snort: Snort received 1802179 packets

> Apr 18 15:56:22 homefries snort:     TCP: 1828907    (101.001%)

> PS.  101.001% TCP?  What up with that?

I have not looked at the code to be sure, but the most logical
explanation is that the streams preprocessor is injecting foobared
packets into the stream.

I have noticed on OpenBSD (haven't tested on other platforms) that
stream2 will pass on the original packets as well as the stream to the
rest of the engine.  This would explain the additional packets that you
are seeing.

