[Snort-users] how enable icmp snort-2.9.6.1

hernani coelho.hernani at ...16858...
Wed Jun 18 07:19:40 EDT 2014


Em 17-06-2014 18:17, waldo kitty escreveu:
> On 6/17/2014 9:03 AM, hernani wrote:
> [...]
>> *so snort detect icmp but not put in BASE*
>>
>> can someone help me??
> please, have you read and followed up on the other list replies to your queries?
> have you created the necessary stream5_icmp section?
>
hello,

yes i create stream5_icmp

were is the snort.conf

preprocessor stream5_global: track_tcp yes, \
    track_udp yes, \
    track_icmp yes, \
    max_tcp 262144, \
    max_udp 131072, \
    max_active_responses 2, \
    min_response_seconds 5
preprocessor stream5_icmp:

but no udp and icmp alerts are show in BASE.

thanks

hernani




More information about the Snort-users mailing list