[Snort-users] how enable icmp snort-

Y M snort at ...15979...
Fri Jun 20 13:23:35 EDT 2014

This is not an error, this is the ASCII representation of your alert. The signature sid:477 was matched and alerted upon.

Date: Fri, 20 Jun 2014 17:18:14 +0100
From: coelho.hernani at ...16858...
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] how enable icmp snort-


    Em 19-06-2014 20:06, waldo kitty

      On 6/19/2014 9:20 AM, hernani wrote:

        *i dont need something in stream5_global for ip?

      yes, you do...

 > preprocessor stream5_global: track_tcp yes, \
 >      track_udp yes, \
 >      track_icmp yes, \
        track_ip yes, \
 >      max_tcp 262144, \


it is recommended that you utilize the above URL pages as completely as you 
can... they contain all the docs for the current snort... node1 is, of course, 
the beginning ;)



     i make progress 


    in barnyard2 now detect icmp but give me this ---> 
    06/20-17:07:46.151595  [**] [1:477:3] DELETED ICMP Source Quench


    can someone help me with this error?






HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news! 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140620/1899d865/attachment.html>

More information about the Snort-users mailing list