RE: flexresp - I have 2 stupid questions

["Rich Stryker" <rstryker () virtuallearning net>]

I have the libnetNT.dll in the winnt\system32 directory. I have pinged the servers that flexresp should be monitoring 
but I still get a response when i think I should be getting dropped packets.

does flexresp write a log somewhere that I can see if it is loading properly or functioning properly or reading packets 
properly but is unable to respond to?

-----Original Message-----
From: Matt Kettler [mailto:mkettler () evi-inc com]
Sent: Wednesday, November 26, 2003 11:57
To: Rich Stryker; snort-users () lists sourceforge net
Subject: Re: [Snort-users] flexresp - I have 2 stupid questions


At 10:26 AM 11/26/2003, Rich Stryker wrote:
> *       If I have unbound TCP/IP on the outside NIC where I have set 
> flexresp, I have set the rules to send ICMP null responses, will flexresp 
> actually work?

It should... flexresp uses libnet to generate the packets and does not rely 
on the local tcp/ip stack.

> *       How do you know if flexresp is working?

Um.. test it?




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users