[Snort-users] Snort Inline

Xavier Cabrera xavierc at ...12882...
Mon Jun 6 15:55:23 EDT 2005


This sample is for one second, A LOT OF PACKETS! at this point i going 
to think there are some buffer full on iptables or there are to many 
packets to snort can't process all... i don't know...

:(

Xavier C.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

06/06-18:47:29.428524 218.85.225.139:3420 -> x.x.x.x:80
TCP TTL:115 TOS:0x0 ID:27205 IpLen:20 DgmLen:48 DF
******S* Seq: 0xEB2B94D8  Ack: 0x0  Win: 0xFAF0  TcpLen: 28
TCP Options (4) => MSS: 1432 NOP NOP SackOK

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

===============================================================================

Snort processed 195 packets.
===============================================================================
Breakdown by protocol:
    TCP: 195        (100.000%)        


Will Metcalf wrote:

>If you start snort with -v do you see your packets bound for port 80?
>
>Regards,
>
>Will
>
>
>-------------------------------------------------------
>This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
>a projector? How fast can you ride your desk chair down the office luge track?
>If you want to score the big prize, get to know the little guy.  
>Play to win an NEC 61" plasma display: http://www.necitguy.com/?r 
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=ort-users
>  
>





More information about the Snort-users mailing list