[Snort-users] how enable icmp snort-2.9.6.1

hernani coelho.hernani at ...16858...
Fri Jun 20 12:18:14 EDT 2014


Em 19-06-2014 20:06, waldo kitty escreveu:
> On 6/19/2014 9:20 AM, hernani wrote:
>> *i dont need something in stream5_global for ip?
> yes, you do...
>
>   > preprocessor stream5_global: track_tcp yes, \
>   >      track_udp yes, \
>   >      track_icmp yes, \
>          track_ip yes, \
>   >      max_tcp 262144, \
>
> http://manual.snort.org/node73.html
>
> it is recommended that you utilize the above URL pages as completely as you
> can... they contain all the docs for the current snort... node1 is, of course,
> the beginning ;)
*hello,**
**
** i make progress **
**
**in barnyard2 now detect icmp but give me this* ---> 
06/20-17:07:46.151595  [**] [1:477:3] DELETED ICMP Source Quench [**]

can someone help me with this error?

thanks

hernani
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140620/dd6c021b/attachment.html>


More information about the Snort-users mailing list