Snort mailing list archives
Re: query .. please someone help.
From: Erek Adams <erek () snort org>
Date: Thu, 18 Sep 2003 07:58:20 -0400 (EDT)
On Wed, 17 Sep 2003, Clayton Mascarenhas wrote:
> I have three questions. So what I have done now is added "config checksum_mode:none" to my snort.conf file and now snort 2.01 has stopped printing that "returning! " message on my screen. But let's say I want to stop snort from detecting it (rather than just stopping it from printing it on the screen)... do I need to highlight the lines 94 through 103 from the detect.c code?
Well, when you place that line in your config a flag is set. When that flag is set, the code 'doesn't run', so there isn't any detection (of that) going on.
> I have installed snort 2.01 on my windows machine. I cannot find the folder in which all the C files are kept at. Where are they?
Well, I don't have a Win32 box to check on, but I'm guessing that the Win32 binary distro does not include the source. If you need it, grab WinZip ( http://www.winzip.com/ ) so you can uncompress the archive, grab the archive [0] and then unpack it. You should see the Win32 specific files in snort-2.0.1/src/win32/ .
> And finally ... when I ran snort 1.9 on the same traffic data... I did not get this "returning!" message thing... snort 1.9 never detected these bad checksum packets... however snort2.01 does detect this. I wanted to double check here with you whether snort1.9 cannot actually do that or was I doing something wrong.
Right. This was something that was added in 2.0.x. Now of course since 2.0.2 is out, you should upgrade. :) IIRC, the "returning! TCP" blah isn't in 2.0.2. I guess I should really upgrade as well. :)

Cheers!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson

[0] http://www.snort.org/dl/snort-2.0.2.tar.gz