[Snort-users] snort-2.6 appears to be only seeing half the packets?

Jason Haar Jason.Haar at ...294...
Mon Jun 12 17:44:04 EDT 2006


Justin Heath wrote:
> Jason,
>
> Are you using the smtp preprocessor in 2.6?
>

Good point! Yes, I did have the "dynamicpreprocessor directory ..."
defined when running 2.6

However, turning it off made no difference.

Actually, looks like there's more confusion. I myself compiled snort-2.6
under FC5, whereas the old 2.4 binary I was testing against was poached
off a CentOS box. When I compiled 2.4.5 on the same FC5 box, it ALSO has
the same problem...

i.e. 2.4.5 and 2.6.0 under FC5 appear to not be able to "see" the
entire TCP stream (UDP appears to be OK - well, it would, wouldn't it) and
as such are screwing up.

This is with libdnet-devel-1.10-2.fc5 and libnet10-1.0.2a-10.fc5

PS: I don't know if it matters, but this FC5 system is on a Pentium D -
i.e. 64bit. However, I found the lack of third-party 64bit apps (and
bugs!) too much to bear, so I'm running x86 FC5 on it instead of 64bit.


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1




