[Snort-users] No TCP alerts, only UDP and ICMP
snort at ...15979...
Mon Dec 10 09:41:15 EST 2012
I have a Snort sensor that sees all traffic (TCP, UDP, ICMP) but alerts on UDP and ICMP only and not TCP.
I verified that the interface is getting TCP packets through tcpdump and also verified that Snort processes TCP packets by running Snort in verbose mode (-v) as well as the statistics from Snort when it stops. However, no TCP alerts get generated when running Snort to dump the packets (-b) or the usual unified2 output.
The ruleset (generated with PulledPork) has many TCP rules plus several custom ones. Has anyone faced a similar situation?