[Snort-users] corrupted packet traces?

Sheahan, Paul (PCLN-NW) Paul.Sheahan at ...2218...
Fri Jan 17 13:14:05 EST 2003


I'm using Snort Version 1.9.0 (Build 209) on RH Linux 7.0. Stats on my
system show that NO packets are being dropped and all appears to be working
normally. I created a custom rule to check for an internal domain name,
which flagged a few hundred packets from web sessions. When I review the
packet traces with people here, we all seem to think the packet traces CAN'T
be valid web session packet traces. It almost appears as though the packet
traces show one particular packet, though it is actually two unrelated
packets lumped together or something (like information in the beginning of
the packet doesn't have any relation to info at the end of the packet). I
was wondering if anyone has seen such a thing before?


Paul Sheahan
Manager of Information Security
paul.sheahan at ...2218...

More information about the Snort-users mailing list