[Snort-users] Re: Snort swapping src and dst in binary log?

LucAdmin info at ...2282...
Thu Jul 10 10:02:24 EDT 2003

Is there a version of WINDUMP that works with the current Winpcap 3.0 final?
I don't believe there is, hence I cannot provide this data as you request.
Is there another method or way to produce this data?


James Friesen
Lucretia Enterprises
info at ...2282...


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Erek Adams
Sent: Thursday, July 10, 2003 7:08 AM
To: Tony Lill
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Re: Snort swapping src and dst in binary log?

On Wed, 9 Jul 2003, Tony Lill wrote:

> I've seen it for quite a while, and it's not just in writing the
> binary log files. I usually see http requests stitched into mail
> streams. I even submitted a bug report. You'd think you'd see more
> concern about a bug that renders all of snort's reports suspect.


I am not a coder.  That said...

There is concern about the issue.  There is also a serious lack of data to
reproduce it.  Think of it as going to the auto shop and saying
"something's wrong" without being able to describe what you feel is wrong.

If you have data on this, _please_ submit it.  The best thing would be a
pcap of the packets from tcpdump with a 65535 snaplen and pcap from snort
with the switched packets.  If you (or anyone else) have that info, please
send it to the snort-devel list.  If you don't want to send your pcap info
to the world, please contact a team member privately with the info.


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
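
Added example, not part of the original thread and not Snort project code: one way to compare the two captures requested above (a full-snaplen tcpdump capture and Snort's binary log) and list packets whose source and destination appear reversed. It assumes both files are classic libpcap format with Ethernet framing and IPv4 TCP/UDP traffic; the function names and the `sample_pcap` builder are hypothetical.

```python
import socket
import struct

def read_pcap(data):
    """Yield captured frames from a classic libpcap file held in memory."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    off = 24  # skip the global header
    while off + 16 <= len(data):
        incl = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def endpoints(frame):
    """Return (src, dst, ident) for an Ethernet/IPv4 TCP or UDP frame, else None."""
    if len(frame) < 38 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] not in (6, 17) or len(ip) < ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    src = (socket.inet_ntoa(ip[12:16]), sport)
    dst = (socket.inet_ntoa(ip[16:20]), dport)
    return src, dst, (ip[4:6], ip[9], ip[ihl + 4:])  # ident: IP ID, protocol, rest of segment

def find_swapped(reference, suspect):
    """Report packets whose endpoints are reversed in `suspect` versus `reference`."""
    parsed_ref = filter(None, map(endpoints, read_pcap(reference)))
    seen = {ident: (src, dst) for src, dst, ident in parsed_ref}
    hits = []
    for src, dst, ident in filter(None, map(endpoints, read_pcap(suspect))):
        if src != dst and seen.get(ident) == (dst, src):
            hits.append({"reference": seen[ident], "suspect": (src, dst)})
    return hits

def sample_pcap(packets):
    """Constructed data: pcap of UDP packets (src_ip, sport, dst_ip, dport, ip_id, payload)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, sport, dst, dport, ip_id, payload in packets:
        udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), ip_id, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

On real files, pass the bytes of each capture, for example `find_swapped(open(ref_path, "rb").read(), open(snort_path, "rb").read())`, where both paths are placeholders.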
