[Snort-users] newbe info needed

/dev/null dev.null at ...6862...
Fri Sep 27 13:08:14 EDT 2002

Which will get a packet
first?  Will snort or my iptables?  Any good URLs you can recommend to
help clear up what the kernel does with network traffic when it comes

If I re-comp the kernel with the CONFIG_IP_ALWAYS_DEFRAG turned on, will
snort see the fragmented packets before the kernel defragments them, or
will it only see the defragged packet?

Any URLs for further reading (besides the snort user manual)?


