[Snort-users] catching some alerts, but NOT consistent

Casiano, Jason (Sys Admin) casiano at ...5250...
Sun Sep 16 22:38:41 EDT 2007


I should add that piping -i2 -v into find "3389" will detect the connection traffic. It's strange, and I cannot get Snort to alert for the life of me.

-----Original Message-----
From: Jason Brvenik [mailto:jasonb at ...1935...] 
Sent: Sunday, September 16, 2007 8:44 PM
To: Casiano, Jason (Sys Admin)
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] catching some alerts, but NOT consistent



Casiano, Jason (Sys Admin) wrote:
> Broadcom BCM5708C
>
> Winsrv2k3 wsp2
>
> WinPcap 401
>
> Snort exec= -cc:\snort\etc\snort.conf -ld:\logs\snort -Kascii -i2
>
> I'm using a terminal service request alert to verify Snort functionality
> on my servers; however, I've got a couple using the Broadcom BCM5708C
> NetXtreme 2 adapters that don't seem to report on a term server request,
> whereas ICMP requests report just dandy.
>
> Any ideas? I truly would like to iron this out; I've been pulling my hair
> out for 3 weeks now.
>

My first guess because of ICMP / Non ICMP is going to be checksum
issues. What happens when you run snort adding -k none?
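
The checksum guess in the reply can be tested directly on packet bytes. The following is an added example, not code from the thread or from the Snort project: it recomputes the RFC 1071 checksum for a constructed TCP SYN to port 3389 and a constructed ICMP echo, assuming the failure mode is a TCP checksum field that does not match what the sensor captures. Addresses, ports and function names are made up for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))

def build_syn(src, dst, sport, dport, fill_checksum=True) -> bytes:
    """Constructed 20-byte TCP SYN; checksum stays 0 if fill_checksum is False."""
    seg = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 8192, 0, 0)
    if fill_checksum:
        csum = inet_checksum(pseudo_header(src, dst, len(seg)) + seg)
        seg = seg[:16] + struct.pack("!H", csum) + seg[18:]
    return seg

def build_echo(ident, seq, payload=b"snort-test") -> bytes:
    """Constructed ICMP echo request with a correct checksum."""
    body = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def tcp_checksum_ok(src, dst, seg) -> bool:
    # A segment carrying its correct checksum sums to 0xFFFF, so the complement is 0.
    return inet_checksum(pseudo_header(src, dst, len(seg)) + seg) == 0

def icmp_checksum_ok(msg) -> bool:
    # ICMP has no pseudo-header; the checksum covers the ICMP message only.
    return inet_checksum(msg) == 0

if __name__ == "__main__":
    SRC, DST = "192.0.2.10", "192.0.2.20"  # constructed documentation addresses
    good = build_syn(SRC, DST, 49152, 3389)
    unset = build_syn(SRC, DST, 49152, 3389, fill_checksum=False)
    results = {
        "tcp/3389, checksum filled": tcp_checksum_ok(SRC, DST, good),
        "tcp/3389, checksum unset": tcp_checksum_ok(SRC, DST, unset),
        "icmp echo": icmp_checksum_ok(build_echo(1, 1)),
    }
    for name, ok in results.items():
        print(f"{name:28} {'valid' if ok else 'INVALID'}")
```

If the TCP segments in a capture fail this check while ICMP passes, the result matches the ICMP / non-ICMP split described in the thread, and `-k none` is the Snort option that switches checksum verification off.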

