[Snort-users] Stream5 reassembly

Parag Pote pipsparag at ...131...
Mon May 31 07:09:32 EDT 2010


Thanks patrick.

But I didn't hear you saying if it is mandatory or can we ignore it? Is it just an added feature?

Parag

--- On Mon, 5/31/10, Patrick Billings <pbillings at ...1935...> wrote:

> From: Patrick Billings <pbillings at ...1935...>
> Subject: Re: [Snort-users] Stream5 reassembly
> To: "Parag Pote" <pipsparag at ...131...>
> Cc: snort-users at lists.sourceforge.net
> Date: Monday, May 31, 2010, 3:34 AM
> Hi-
> 
> The ports option which can be configured as ports client |
> server |
> both is needed to set which ports the preprocessor will
> perform stream
> re-assembly on.
> 
> For example, if you are wanting to re-assemble the traffic
> to your
> webserver, then you would want to check for port 80 for
> http(tcp)
> traffic but you may not care not be concerned about the
> port the
> browser is using, as it will be a random port.
> 
> The default setting is:  ports client 21 23 25 42 53
> 80 110 111 135
> 136  137 139 143 445 513 514 1433 1521 2401 3306
> 
> HTH,
> 
> Patrick
> 
> On Mon, May 31, 2010 at 1:31 PM, Parag Pote <pipsparag at ...131...>
> wrote:
> > Hi,
> >
> > What does ports (ports client and ports both) means in
> stream5 preprocessor? Just had a glance at the code and it
> says it does reassembly when we configure this option. Just
> wanted to know is it mandatory to configure it or optional
> one? If we do not configure do we miss any functionality?
> >
> > Rgds,
> > Parag
> >
> >
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> 








More information about the Snort-users mailing list