[Snort-users] Re: Snort swapping src and dst in binary log?

Erek Adams erek at ...950...
Thu Jul 10 06:09:02 EDT 2003

On Wed, 9 Jul 2003, Tony Lill wrote:

> I've seen it for quite a while, and it's not just in writing the
> binary log files. I usually see http requests stitched into mail
> streams. I even submitted a bug report. You'd think you'd see more
> concern about a bug that renders all of snort's reports suspect.


I am not a coder.  That said...

There is concern about the issue.  There is also a serious lack of data to
reproduce it.  Think of it as going to the auto shop and saying
"something's wrong" without being able to describe what you feel is wrong.

If you have data on this, _please_ submit it.  The best thing would be a
pcap of the packets from tcpdump with a 65535 snaplen and pcap from snort
with the switched packets.  If you (or anyone else) have that info, please
send it to the snort-devel list.  If you don't want to send your pcap info
to the world, please contact a team member privately with the info.


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

More information about the Snort-users mailing list