Hi, I'm an Italian student at the Federico II University of Naples. I'm working with Snort for my thesis on anomaly detection. I've used the MAWILab dataset .pcap to run Snort in IDS mode for the detection of portscan and netscan with the sfportscan preprocessor. However, a lot of IP4 packets are discarded. I think this is because the IP headers state a packet size, but the packets themselves are shorter, so they are discarded (MAWILab deletes the payload of a packet). Is there a way to prevent the discarding of IP packets and analyze the whole pcap file with sfportscan?

This is an example:

Eth Disc: 0 ( 0.000%)
IP4 Disc: 44409489 ( 70.630%)
IP6 Disc: 1229205 ( 1.955%)
TCP Disc: 172 ( 0.000%)
UDP Disc: 0 ( 0.000%)
ICMP Disc: 0 ( 0.000%)

Thank you in advance.
I wish you a good day.
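One way to test the hypothesis in the post above, as an added example that is not part of the original post: count the IPv4 packets in a capture whose header total-length field claims more bytes than were actually captured. It assumes a classic (microsecond) pcap file with Ethernet framing and no VLAN tags; the function names and the three-packet sample capture are constructed for illustration.

```python
import io
import struct

ETH_LEN = 14  # assumption: Ethernet II framing, no VLAN tags

def count_short_ipv4(stream):
    """Return (ipv4_packets, short_packets) for a classic pcap stream."""
    header = stream.read(24)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(header[:4])
    if endian is None or len(header) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", header[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    total = short = 0
    while True:
        rec = stream.read(16)  # per-packet record header
        if len(rec) < 16:
            return total, short
        incl_len = struct.unpack(endian + "IIII", rec)[2]  # bytes stored in file
        data = stream.read(incl_len)
        if len(data) < ETH_LEN or data[12:14] != b"\x08\x00":
            continue  # not an IPv4 frame
        total += 1
        if len(data) < ETH_LEN + 4:
            short += 1  # cut off before the total-length field
            continue
        ip_total_len = struct.unpack("!H", data[16:18])[0]
        if ip_total_len > len(data) - ETH_LEN:
            short += 1  # header claims more bytes than were captured

def _frame(ip_total_len, captured_ip_bytes):
    """Constructed sample frame: IPv4 header claiming ip_total_len, then truncated."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total_len, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    ip += b"\x00" * max(0, ip_total_len - 20)
    return eth + ip[:captured_ip_bytes]

def sample_pcap():
    """Constructed capture: two intact packets and one with its payload removed."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for claimed, kept in ((60, 60), (1500, 40), (40, 40)):
        frame = _frame(claimed, kept)
        out += struct.pack("<IIII", 0, 0, len(frame), ETH_LEN + claimed) + frame
    return out

if __name__ == "__main__":
    ipv4, short = count_short_ipv4(io.BytesIO(sample_pcap()))
    print(f"IPv4 packets: {ipv4}, shorter than header length: {short}")
```

To run it on a real capture, pass a file opened in binary mode, for example `count_short_ipv4(open(path, "rb"))`, and compare the short-packet count with the discard counters Snort reports.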