Snort mailing list archives
RE: Re: Snort swapping src and dst in binary log?
From: "LucAdmin" <info () lucretia ca>
Date: Thu, 10 Jul 2003 10:29:38 -0600
Is there a version of WINDUMP that works with the current Winpcap 3.0 final? I don't believe there is, hence I cannot provide this data as you request. Is there another method or way to produce this data?

Thanks!

James Friesen
CIO
Lucretia Enterprises
info () lucretia ca

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Erek Adams
Sent: Thursday, July 10, 2003 7:08 AM
To: Tony Lill
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Re: Snort swapping src and dst in binary log?

On Wed, 9 Jul 2003, Tony Lill wrote:
> I've seen it for quite a while, and it's not just in writing the binary log files. I usually see http requests stitched into mail streams. I even submitted a bug report. You'd think you'd see more concern about a bug that renders all of snort's reports suspect.
[...snip...]

I am not a coder. That said...

There is concern about the issue. There is also a serious lack of data to reproduce it. Think of it as going to the auto shop and saying "something's wrong" without being able to describe what you feel is wrong.

If you have data on this, _please_ submit it. The best thing would be a pcap of the packets from tcpdump with a 65535 snaplen and pcap from snort with the switched packets. If you (or anyone else) have that info, please send it to the snort-devel list. If you don't want to send your pcap info to the world, please contact a team member privately with the info.

Thanks!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson

-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort swapping src and dst in binary log? David Gordon (Jul 09)
- Re: Snort swapping src and dst in binary log? Tony Lill (Jul 10)
- Re: Re: Snort swapping src and dst in binary log? Erek Adams (Jul 10)
- RE: Re: Snort swapping src and dst in binary log? LucAdmin (Jul 10)
- RE: Re: Snort swapping src and dst in binary log? Erek Adams (Jul 10)
- Re: Re: Snort swapping src and dst in binary log? Erek Adams (Jul 10)
- Re: Snort swapping src and dst in binary log? Tony Lill (Jul 10)
- <Possible follow-ups>
- RE: Snort swapping src and dst in binary log? David Gordon (Jul 10)
- RE: Snort swapping src and dst in binary log? Erek Adams (Jul 10)
- Re: Snort swapping src and dst in binary log? Chris Green (Jul 14)
- RE: Snort swapping src and dst in binary log? Erek Adams (Jul 10)