[Snort-users] Increasing Packet
WirthJe at ...4876...
Fri Mar 22 07:36:08 EST 2002
> the packet is captured and reported in the payload.
> Is there any way to increase this size in Snort?
I guess you are referring to the "snaplen" that snort uses. By default
snort uses 1514 as its snaplen when snorting data. So I guess the question
is "what media are you snorting on?". 1514 would be sufficient for ethernet
(or any media with an MTU less than 1500). What you may be seeing is a
payload from a source with a small MTU, i.e. a dial-up user, where the entire
payload is split between multiple packets.
# man snort
-P snap-length
Hope this helps...
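
An added example, not part of the original post: one way to check whether a saved capture actually lost payload to the snaplen is to compare each record's captured length with its on-wire length in the pcap file. The function names and the in-memory sample capture are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap file, microsecond timestamps

def build_sample_pcap(snaplen, wire_sizes):
    """Constructed sample capture: each frame is cut to snaplen, as libpcap does."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    data = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)
    for i, wire_len in enumerate(wire_sizes):
        cap_len = min(wire_len, snaplen)
        # Record header: ts_sec, ts_usec, captured length, original on-wire length
        data += struct.pack("<IIII", i, 0, cap_len, wire_len)
        data += b"\x00" * cap_len  # placeholder frame bytes
    return data

def find_truncated(pcap_bytes):
    """Return (snaplen, [(index, captured, on_wire), ...]) for packets cut short."""
    if len(pcap_bytes) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack_from("<I", pcap_bytes, 0)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic as written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen = struct.unpack_from(endian + "I", pcap_bytes, 16)[0]
    truncated, offset, index = [], 24, 0
    while offset < len(pcap_bytes):
        if offset + 16 > len(pcap_bytes):
            raise ValueError("partial record header at end of file")
        _, _, cap_len, wire_len = struct.unpack_from(endian + "IIII", pcap_bytes, offset)
        if offset + 16 + cap_len > len(pcap_bytes):
            raise ValueError("record %d runs past end of file" % index)
        if cap_len < wire_len:
            truncated.append((index, cap_len, wire_len))
        offset += 16 + cap_len
        index += 1
    return snaplen, truncated

if __name__ == "__main__":
    # Constructed sizes: a small frame, a full Ethernet frame, a larger-than-Ethernet frame
    sample = build_sample_pcap(1514, [60, 1514, 4000])
    snaplen, cut = find_truncated(sample)
    print("snaplen:", snaplen)
    for index, captured, on_wire in cut:
        print("packet %d: captured %d of %d bytes" % (index, captured, on_wire))
```

If nothing is reported for a capture taken on Ethernet, the snaplen was not the limit and the payload was simply spread over several packets.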