[Snort-users] snort behind TAP & asynchronous_link
cmg at ...1935...
Thu Aug 15 04:19:02 EDT 2002
Holger.Woehle at ...2701... writes:
> Snort does not recognize the alerts with the flow:to_server,established
Let me take another look at this. I haven't taken a look at the
asynch state machine since it was added. It *is* a state machine of
The outer features are why we have a beta cycle :)
> It seems to me that snort does not reassemble the stream.
> If I delete the established attribute snort recognises the alert.
> But then i run into my other problem (please see thread: snort seas no
> fragmented error).
Let me look at it some more.
Chris Green <cmg at ...1935...>
"I'm beginning to think that my router may be confused."