[Snort-users] newbe info needed

/dev/null dev.null at ...6862...
Fri Sep 27 13:08:14 EDT 2002


RE: [Snort-users] Having trouble using -b switchWhich will get a packet
first?  Will snort or my iptables?  Any good URLs you can recommend to
help clear up what the kernel does with network traffic when it comes
in?

If I re-comp the kernel with the CONFIG_IP_ALWAYS_DEFRAG turned on, will
snort see the fragmented packets before the kernel defragments them, or
will it only see the defragged packet?

Any URLs for further reading (besides the snort user manual)?

Thanks!





More information about the Snort-users mailing list