[Snort-users] snort behind TAP & asynchronous_link

Chris Green cmg at ...1935...
Fri Aug 16 13:42:06 EDT 2002


"Ian Macdonald" <secsnort at ...5528...> writes:

> I think the problem is that you are only seeing one side of the
> conversation. Copper taps generally split the taped data into send and
> receive wires, So Tap A is one direction of the traffic and Tap B is the
> other.

That is the problem from snort with basic preprocessor stream
reassembly mode.  asychronous_link is to work around that and
reassemble as well as it can.
-- 
Chris Green <cmg at ...1935...>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx




More information about the Snort-users mailing list