Snort mailing list archives

resp:rst_all not working


From: Venkata Raghavan <dvrnews () yahoo co in>
Date: Thu, 4 Mar 2004 10:31:40 +0000 (GMT)

Hi all
 
I recently installed snort 2.1.1 following Patrick Harper's guide on RH 9 with MySQL and ACID. I was able to complete 
the install, and snort and ACID work great.
 
Since I also want to be able to reset connections, I reran ./configure with the flexresp option, and I've got this 
working too.
 
To test if this works I added the following to smtp.rules:

alert tcp any any -> $HOME_NET 25 (msg:"SMTP Rule Testing"; flow:to_server,established; content:"test"; nocase; resp:rst_all;)

After this, when I launch a telnet (port 25) session to an SMTP server from my Windows client, the alert gets 
generated, but there is no reset. Then I tried the telnet from a Linux PC; this time it gets reset.
 
When I check the packets sent using Ethereal, I observe that whereas from a Windows PC the data "test" comes as four 
packets, from a Linux PC "test" comes as the data of a single packet. I guess this is a problem with the WinXP version of 
the Telnet client.
 
What should I do to make snort see all of them as a single session?
 
Should I try streams or something? If so, can somebody guide me to a resource about that?
 

It surprises me that the alert should fire but the resp: action is not carried out.
 
 
Regards
Venkat
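
The difference Venkat observes between the two telnet clients, as an added example that is not part of the original post and not Snort's or flexresp's own code: a per-packet content match against the rule's "test" string beside a match against the reassembled client-to-server stream, run over constructed segments (a line-at-a-time client sending "test" in one segment, a character-at-a-time client sending one byte per segment, with one out-of-order and one retransmitted byte thrown in). The segment class, sequence numbers, payloads and function names are assumptions for the illustration.

```python
"""Per-packet versus stream-reassembled content matching.

Added illustration, not Snort's or flexresp's code: models why a
content:"test" match is found inside one line-at-a-time telnet segment but
inside none of the single-byte segments a character-at-a-time client sends,
and reappears only after the client-to-server byte stream is reassembled.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Segment:
    """One TCP segment: sequence number of its first payload byte plus payload."""
    seq: int
    payload: bytes


def _norm(data: bytes, nocase: bool) -> bytes:
    return data.lower() if nocase else data


def packet_matches(segments: List[Segment], pattern: bytes, nocase: bool = True) -> List[int]:
    """Per-packet inspection: indexes of segments whose own payload contains pattern."""
    pat = _norm(pattern, nocase)
    return [i for i, s in enumerate(segments) if pat in _norm(s.payload, nocase)]


def reassemble(segments: List[Segment]) -> Tuple[bytes, List[Segment]]:
    """Rebuild the contiguous stream from arbitrarily ordered segments.

    Returns (contiguous bytes starting at the lowest sequence number,
    segments left unplaced because a gap precedes them). Bytes already
    placed (retransmissions, overlaps) are dropped; the first copy wins.
    """
    if not segments:
        return b"", []
    ordered = sorted(segments, key=lambda s: s.seq)
    out = bytearray()
    expected = ordered[0].seq
    pending: List[Segment] = []
    for s in ordered:
        end = s.seq + len(s.payload)
        if s.seq > expected:
            pending.append(s)                  # gap before this segment: cannot place it yet
            continue
        if end <= expected:
            continue                           # entirely retransmitted data, drop it
        out += s.payload[expected - s.seq:]    # keep only the bytes not seen before
        expected = end
    return bytes(out), pending


def stream_match_offset(segments: List[Segment], pattern: bytes, nocase: bool = True) -> Optional[int]:
    """Stream inspection: offset of pattern in the reassembled stream, or None."""
    data, _ = reassemble(segments)
    idx = _norm(data, nocase).find(_norm(pattern, nocase))
    return None if idx < 0 else idx


# Constructed sample traffic (not a capture): the client side of a telnet
# session to port 25 after typing "test" and Enter.
LINUX_TELNET = [Segment(1000, b"test\r\n")]             # line-at-a-time client
WINDOWS_TELNET = [                                       # character-at-a-time client
    Segment(1000, b"t"),
    Segment(1002, b"s"),       # arrives out of order
    Segment(1001, b"e"),
    Segment(1001, b"e"),       # retransmission of the same byte
    Segment(1003, b"t"),
    Segment(1004, b"\r\n"),
]


def compare(segments: List[Segment], pattern: bytes = b"TEST") -> dict:
    """Summarise what per-packet and stream inspection each see (nocase match)."""
    return {
        "packet_hits": packet_matches(segments, pattern),
        "stream_offset": stream_match_offset(segments, pattern),
        "stream": reassemble(segments)[0],
    }


if __name__ == "__main__":
    for name, segs in (("linux", LINUX_TELNET), ("windows", WINDOWS_TELNET)):
        print(name, compare(segs))
```

Per-packet matching finds "test" only in the single-segment case; once the segments are reassembled, both clients produce the same `b"test\r\n"` stream and the match lands at offset 0 for both. This reassembly is what Snort 2.x's stream4 preprocessor does for the ports in its reassembly list; the example models only the matching side of the question, not the reset that resp: sends.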
 

