[Snort-users] Rule works in replay file mode, but not when sniffing

waldo kitty wkitty42 at ...14940...
Fri Jul 12 21:25:13 EDT 2013


On 7/12/2013 18:29, Pavel Rantorski wrote:
> Thank you, the problem was indeed the low snaplen size combined with VLAN use!
> After setting snaplen to 1542 (1518 didn't work even though the pcap packets
> were this large) and changing MTU on network interface accordingly, the rules
> work as expected.

I started to suggest a snaplength of 0 (zero) to get the entire packet but was
confused by other data in your posts...


-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.



