Snort mailing list archives
Help!! Problem testing Snort
From: Gema de Toro Sánchez <detorosanchez () yahoo es>
Date: Mon, 9 Feb 2004 14:48:22 +0100 (CET)
Hi! Please, I need help!!

I'm testing Snort with Stick. I run Stick with Snort signatures, but Snort doesn't detect them as I expected. I only get a lot of identical alerts like this:

    snort_decoder: Invalid UDP header, length field <8
    snort_decoder:Unknown Datagram Decoding Problem

I get an important number of discarded packets too, but I don't understand what exactly this means or if there is any relation.

I'm really worried because I'm not sure if the detection motor is running well for signature detection. Most of the time, Snort sends preprocessor messages (alerts), except for some ICMP or BAD-TRAFFIC rule alerts. It seems strange, doesn't it?

    Snort analyzed 3010 out of 3010 packets, dropping 0(0.000%) packets

    Breakdown by protocol:                Action Stats:
        TCP: 2122       (70.498%)         ALERTS: 368
        UDP: 238        (7.907%)          LOGGED: 736
       ICMP: 622        (20.664%)         PASSED: 0
        ARP: 16         (0.532%)
      EAPOL: 0          (0.000%)
       IPv6: 0          (0.000%)
        IPX: 0          (0.000%)
      OTHER: 0          (0.000%)
    DISCARD: 250        (8.306%)

I'm sorry if my English is difficult to understand!!

Cheers!!
Current thread:
- Help!! Problem testing Snort Gema de Toro Sánchez (Feb 09)
- Re: Help!! Problem testing Snort ravivsn (Feb 09)