[Snort-users] Tagged Packet ... AAAHHH

Dirk Geschke dirk at ...10648...
Sun Oct 30 01:19:49 EDT 2005


Hi Michael,

> I believe I have suppressed alerts for "Tagged Packet" as I do not see 
> them in the alert file, however. In the web GUI provided by BASE I can 
> see that "Tagged Packet" appears to be logged still.
> 
> I must be misunderstanding something here, can anyone help me out ?

I think this are reassembled packets from stream4. If you use the
unified output plugin these packets are split to the original size.
The first packet carries the alert informations, the others are marked
as tagged packets.

Best regards

Dirk




More information about the Snort-users mailing list