[Snort-users] Snort and Nortel Accelar 1200

Martin Roesch roesch at ...421...
Mon Mar 12 01:51:37 EST 2001


If someone would be so gracious as to send us pcap formatted packet
captures and a pointer as to which protocol they're running (I'm lazy
tonight and I'm not looking it up) then we'll fix the decoders to
support it...

   -Marty

Fred Portnoy wrote:
> 
> > It's more than just the frame size ... it's that extra field in the header that carries the frame tagging information ... the IP and subsequent headers are no longer at the offsets they're expected to be at. The older Sniffers didn't know what to do with that information, and I'm wondering whether the other products know about it either?
> 
> Also, if you're running ARU 3's on your Accelar you'll see the traffic in both directions via your mirror port, but not if you're running ARU 2's. But you knew that.
> 
> thanks
> 
> fp

--
Martin Roesch
roesch at ...421...
http://www.snort.org
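
The offset problem described in the quoted text, as an added example that is not part of the original thread and is not Snort's decoder code. It assumes the extra field is an IEEE 802.1Q VLAN tag, which the thread does not confirm; the function names, the tag limit and the sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN    14      /* dst MAC + src MAC + EtherType */
#define ETHERTYPE_IP   0x0800
#define ETHERTYPE_VLAN 0x8100  /* 802.1Q tag: an assumption, see lead-in */
#define VLAN_TAG_LEN   4
#define MAX_TAGS       2       /* arbitrary cap chosen for this example */

/* Constructed sample frames (not captured traffic); unset bytes are zero. */
static const uint8_t untagged[34] = { [12] = 0x08, 0x00, 0x45 };
static const uint8_t tagged[38] = { [12] = 0x81, 0x00, 0x40, 0x64, 0x08, 0x00, 0x45 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Naive decoder: assumes the IP header always starts at byte 14. */
int naive_ip_offset(const uint8_t *pkt, size_t len)
{
    if (len < ETH_HDR_LEN + 1) return -1;
    return ((pkt[ETH_HDR_LEN] >> 4) == 4) ? ETH_HDR_LEN : -1;
}

/* Tag-aware decoder: skips 802.1Q tags and returns the IPv4 header offset,
 * or -1 if the frame is truncated, over-tagged, or not IPv4. */
int tagged_ip_offset(const uint8_t *pkt, size_t len, uint16_t *vlan_id)
{
    size_t off = 12;           /* position of the EtherType field */
    int tags = 0;
    if (vlan_id) *vlan_id = 0;
    if (len < ETH_HDR_LEN) return -1;
    uint16_t type = rd16(pkt + off);
    while (type == ETHERTYPE_VLAN) {
        if (++tags > MAX_TAGS || len < off + 2 + VLAN_TAG_LEN) return -1;
        if (vlan_id && tags == 1) *vlan_id = rd16(pkt + off + 2) & 0x0FFF;
        off += VLAN_TAG_LEN;   /* inner EtherType follows the 4-byte tag */
        type = rd16(pkt + off);
    }
    off += 2;
    if (type != ETHERTYPE_IP || len < off + 20) return -1;
    return ((pkt[off] >> 4) == 4) ? (int)off : -1;
}

int main(void)
{
    uint16_t vid;
    int off = tagged_ip_offset(tagged, sizeof tagged, &vid);
    printf("naive=%d tag-aware=%d vlan=%u\n",
           naive_ip_offset(tagged, sizeof tagged), off, (unsigned)vid);
    return 0;
}
```

The constructed tag carries priority 2, so its first nibble is 4 and the fixed-offset decoder accepts the tag bytes as an IPv4 header instead of rejecting the frame.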



