[Snort-users] Help!! Problem testing Snort

Gema de Toro Sánchez detorosanchez at ...11031...
Mon Feb 9 05:49:04 EST 2004


Hi! Please, I need help!!

I'm testing Snort with Stick. I run Stick with Snort signatures, but Snort doesn't detect them as I expected. I only get a lot of identical alerts like this:

snort_decoder: Invalid UDP header, length field <8
snort_decoder:Unknown Datagram Decoding Problem

I also get a significant number of discarded packets, but I don't understand exactly what this means or whether there is any relation. I'm really worried because I'm not sure whether the detection engine is working well at signature detection. Most of the time, Snort sends preprocessor messages (alerts), except for some ICMP or BAD-TRAFFIC rule alerts. It seems strange, doesn't it?

Snort analyzed 3010 out of 3010 packets, dropping 0(0.000%) packets

Breakdown by protocol:      Action Stats:
TCP: 2122 (70.498%)         ALERTS: 368
UDP: 238 (7.907%)           LOGGED: 736
ICMP: 622 (20.664%)         PASSED: 0
ARP: 16 (0.532%)
EAPOL: 0 (0.000%)
IPv6: 0 (0.000%)
IPX: 0 (0.000%)
OTHER: 0 (0.000%)
DISCARD: 250 (8.306%)

I'm sorry if my English is difficult to understand!!

Cheers!!


