[Snort-users] FATAL ERROR: Cannot check flow connection for non-TCP traffic

JJC cummingsj at ...11827...
Mon Jan 28 13:47:33 EST 2008


Be sure that you are using the latest configuration file and don't modify
the spp module section (other than modification to fit your environment)...
see if it will start then.  I have seen many people using the old original
config file, there are lots of things missing that are new features etc...
in the new snort.conf that is included with the most recent releases.

JJC

On Jan 28, 2008 1:14 PM, Nathaniel Richmond <nate+snort at ...14258...>
wrote:

> If you're using stream4, either switch to stream5 or use
> "--enable-stream4udp" among your other options when configuring. I'm
> guessing the consensus would be to use stream5.
>
> Nate
>
> Security Admin (NetSec) wrote:
> > I have googled for this error for a few months now (running latest
> > 2.8.0.1) for a few weeks now, and have not found a reasonable
> > solution to this problem.  The cause appears to be in the udp rule
> > set for just about every single udp rule across multiple rules sets.
> >  The solutions I have found thus far have been to either modify the
> > specific rule (which could take forever depending on the # of udp
> > rules I have to modify), disabling the udp rule (again
> > time-consuming) or disabling the rule set entirely.  I tried the
> > third method, but with the amount of rulesets removed it left me
> > with little to analyze.
> >
> > I suspect a better solution is around, so if anyone knows and can
> > respond, much appreciated.
> >
> > FYI I am not running IpCop
> >
> > Best Regards,
> >
> > Edward Ray
> >
> > --
> > This mail was scanned by BitDefender
> > For more informations please visit http://www.bitdefender.co
> >
> >
> >
> -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20080128/cd7069ad/attachment.html>


More information about the Snort-users mailing list