[Snort-users] question for snort flow established

Joel Esler jesler at ...1935...
Mon Mar 18 11:07:55 EDT 2013


On Mar 18, 2013, at 10:51 AM, waldo kitty <wkitty42 at ...14940...> wrote:

> [@ALL] why is this "-k none" suddenly needed more and more in recent months?? 
> we've never used it in any of our snort installations... is it special to a 
> certain set of NICs?? [/@ALL]

If you are generating traffic on the same box you are sniffing from, then you encounter this problem.  Otherwise, it's generally not needed.  Since most people only have one box...

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130318/f6291b7e/attachment.html>


More information about the Snort-users mailing list