[Snort-users] query .. please someone help.
erek at ...950...
Wed Sep 17 05:57:02 EDT 2003
On Tue, 16 Sep 2003, Clayton Mascarenhas wrote:
> Could I please know why I keep getting ... "responding! TCP IP
> UDP" a million times on my screen every time I run snort on a traffic
> data file? It's like that statement runs in some sort of a never ending
> loop. Please could I know why this is happening and how do I stop this
> from happening. Is there any option that goes with my snort command
Are you sure that the message isn't "returning" instead? If it is...
Snort is telling you that something isn't right on your network. You've
got something creating packets with bad checksums. If you take a look at
lines 88-103 in src/detect.c you'll see this:
89 * If the packet has an invalid checksum marked, throw that
90 * traffic away as no end host should accept it.
92 * This can be disabled by config checksum_mode: none
97 printf("returning! TCP (%d) IP (%d) UDP (%d) \n",
98 (p->csum_flags & CSE_TCP),
99 (p->csum_flags & CSE_IP),
100 (p->csum_flags & CSE_UDP)
102 return 0;
Does that help?
"When things get weird, the weird turn pro." H.S. Thompson
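
The check the reply describes, as an added example that is not part of the original post or of Snort's source: verifying an IPv4 header checksum and setting a flag when it fails, run on two constructed headers. The flag name EX_CSE_IP and the function names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical flag bit for this example; not Snort's own definition. */
#define EX_CSE_IP 0x01

/* Constructed sample: 20-byte IPv4 header with a correct checksum (0xb861). */
static const uint8_t good_hdr[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };
/* Constructed sample: same header, TTL byte altered, checksum left stale. */
static const uint8_t bad_hdr[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x3f, 0x11,
    0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };

/* RFC 1071 ones'-complement sum over len bytes, folded to 16 bits. */
static uint16_t inet_sum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((buf[i] << 8) | buf[i + 1]);
    if (len & 1)                      /* odd trailing byte is padded with zero */
        sum += (uint32_t)(buf[len - 1] << 8);
    while (sum >> 16)                 /* fold carries back into the low 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Returns EX_CSE_IP if the header is truncated, malformed or fails its
 * checksum (all treated as bad in this example), otherwise 0. */
int ip_csum_flags(const uint8_t *pkt, size_t caplen)
{
    size_t hlen;
    if (caplen < 20 || (pkt[0] >> 4) != 4)
        return EX_CSE_IP;
    hlen = (size_t)(pkt[0] & 0x0f) * 4;   /* IHL is in 32-bit words */
    if (hlen < 20 || hlen > caplen)
        return EX_CSE_IP;
    /* A valid header summed together with its checksum field gives 0xffff. */
    return inet_sum(pkt, hlen) == 0xffff ? 0 : EX_CSE_IP;
}

int main(void)
{
    printf("good header: IP (%d)\n", ip_csum_flags(good_hdr, sizeof good_hdr));
    printf("bad header:  IP (%d)\n", ip_csum_flags(bad_hdr, sizeof bad_hdr));
    return 0;
}
```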