[Snort-users] A question on flows with pcaps

James Lay jlay at ...13475...
Wed Aug 8 15:53:56 EDT 2012


On 2012-08-08 11:16, Will Metcalf wrote:
> If you leave flow:established,to_client; and pass "-k none" as a
> command line option does it fire?  If so you probably need to disable
> checksum offloading on your nic...
>
> 
> http://securityonion.blogspot.com/2011/10/when-is-full-packet-capture-not-full.html
>
> Regards,
>
> Will

Yea that's TOTALLY it...thanks Will!

James




More information about the Snort-users mailing list