[Snort-users] stream4 reassembly bug

Yonah Russ yonah at ...5038...
Sun May 25 01:06:02 EDT 2003


Hi,
  I'm noticing a lot of P2P Gnutella Get mesages- when I look up the
packet payload in acid it looks exactly like web traffic that would
originate from our web proxy...

I noticed someone had the same problem a while back with snort 1.9 but
I'm running 2.0.0 build 72- could this be the same problem?

I also noticed that someone mentioned this could be a problem of dropped
packets.. afaik linux doesn't keep dropped packets statistics... how can
I determine if this is the problem?

thanks
-- 
Yonah Russ 
http://www.tikun-olam.net/





More information about the Snort-users mailing list