[Snort-users] how enable icmp snort-2.9.6.1

waldo kitty wkitty42 at ...14940...
Wed Jun 18 14:15:22 EDT 2014


On 6/18/2014 7:19 AM, hernani wrote:
>
> Em 17-06-2014 18:17, waldo kitty escreveu:
>> On 6/17/2014 9:03 AM, hernani wrote:
>> [...]
>>> *so snort detect icmp but not put in BASE*
>>>
>>> can someone help me??
>> please, have you read and followed up on the other list replies to your queries?
>> have you created the necessary stream5_icmp section?
>>
> hello,
>
> yes i create stream5_icmp

ok...

> were is the snort.conf

please do not see me as a butt but the following is not complete...

> preprocessor stream5_global: track_tcp yes, \
>      track_udp yes, \
>      track_icmp yes, \
>      max_tcp 262144, \
>      max_udp 131072, \
>      max_active_responses 2, \
>      min_response_seconds 5
> preprocessor stream5_icmp:
>
> but no udp and icmp alerts are show in BASE.

again, please post /all/ of your stream5 settings section... that could be 5 
sections... global, tcp, udp, icmp and ip...

also, look here and tell us what you are missing in the above icmp section ;)

http://manual.snort.org/node75.html

-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.




More information about the Snort-users mailing list