[Snort-users] catching some alerts, but NOT consistent
Casiano, Jason (Sys Admin)
casiano at ...5250...
Sun Sep 16 22:38:41 EDT 2007
I should add that pipe -i2 -v into find "3389" will detect the connection traffic. It's strange, and I cannot get snort to alert for the life of me.
From: Jason Brvenik [mailto:jasonb at ...1935...]
Sent: Sunday, September 16, 2007 8:44 PM
To: Casiano, Jason (Sys Admin)
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] catching some alerts, but NOT consistent
Casiano, Jason (Sys Admin) wrote:
> broadcom BCM5708C
> Winsrv2k3 wsp2
> Winpcap 401
> Snort exec= -cc:\snort\etc\snort.conf -ld:\logs\snort -Kascii -i2
> I'm using a terminal service request alert to verify snort functionality
> on my servers, however I've got a couple using the broadcom BCM5708C
> netextreme 2 adapters that don't seem to report on a term server request,
> however icmp request report just dandy.
> any ideas? I truly would like to iron this out, I've been pulling my hair
> out for 3 weeks now.
My first guess because of ICMP / Non ICMP is going to be checksum
issues. What happens when you run snort adding -k none?
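
One way to test the checksum guess independently of Snort is to verify the TCP checksum of the captured packets yourself; by default Snort does not run detection on packets whose checksum fails, and -k none turns that verification off. The sketch below is an added example, not code from the thread or from the Snort project; the function names, addresses and packets are constructed for illustration, and only the TCP checksum is examined (the IP header checksum is left unset).

```python
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IP/TCP checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum_ok(ip_packet: bytes) -> bool:
    """True if the TCP checksum of a raw IPv4 packet verifies."""
    ihl = (ip_packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    if ip_packet[9] != 6:
        raise ValueError("not a TCP packet")
    segment = ip_packet[ihl:total_len]
    # Pseudo-header: source address, destination address, zero, protocol, TCP length
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    return ones_complement_sum(pseudo + segment) == 0xFFFF

def build_syn(src, dst, sport, dport, fill_checksum=True) -> bytes:
    """Constructed IPv4/TCP SYN. fill_checksum=False leaves the TCP checksum
    field zero, standing in for a packet whose checksum the sensor rejects."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 128, 6, 0,
                     bytes(src), bytes(dst))
    if fill_checksum:
        pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
        csum = 0xFFFF - ones_complement_sum(pseudo + tcp)
        tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    return ip + tcp

def bad_checksum_ports(packets):
    """Destination ports of TCP packets that fail checksum verification."""
    bad = []
    for p in packets:
        ihl = (p[0] & 0x0F) * 4
        if p[9] == 6 and not tcp_checksum_ok(p):
            bad.append(struct.unpack("!H", p[ihl + 2:ihl + 4])[0])
    return bad

if __name__ == "__main__":
    client, server = (192, 0, 2, 10), (192, 0, 2, 20)  # constructed addresses
    good = build_syn(client, server, 49152, 3389)
    bad = build_syn(client, server, 49152, 3389, fill_checksum=False)
    print("ports with failing TCP checksum:", bad_checksum_ports([good, bad]))
```

If the port 3389 packets seen on the affected adapters fail this check while ICMP is unaffected, that matches the behaviour described above.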