[Snort-users] No TCP alerts, only UDP and ICMP

Y M snort at ...15979...
Mon Dec 10 09:41:15 EST 2012


I have a Snort sensor that sees all traffic (TCP, UDP, ICMP) but alerts on UDP and ICMP only and not TCP.

I verified that the interface is getting TCP packets through tcpdump and also verified that Snort processes TCP packets by running Snort in verbose mode (-v) as well as the statistics from Snort when it stops. However, no TCP alerts get generated when running Snort to dump the packets (-b) or the usual unified2 output. 

The ruleset (generated with PulledPork) has many TCP rules plus several custom ones. Has anyone faced a similar situation?

Thanks.
YM