[Snort-users] Possible Memory Overlap/Bug? Help!

Chris Green cmg at ...1935...
Thu Dec 12 12:29:02 EST 2002


"Kevin P" <kevinp at ...6884...> writes:

> Thanks for the reply Chris.  I upgraded to build 225 (the stable release dated Dec 12).   Unfortunately, the problem remains.
>
> Is there anything I can do to help track this down?

Is there any packet loss on your system?

The easiest way to help us out is to run tcpdump with 1514 snaplen and
try to correlate TCP segmented traffic with the snort alerts.

Lawrence is correct about there being an issue with packet loss and
that very well could be what you are running into.

If thats the case, I recommend you lower the number of rules loaded :)
-- 
Chris Green <cmg at ...1935...>
Warning: time of day goes back, taking countermeasures.





More information about the Snort-users mailing list