Snort mailing list archives
Any issues with dup packets on snort?
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Wed, 30 Nov 2005 12:34:54 +1300
Hi there We have a range of switches being used within our network for port monitoring, and a couple have had to be set up in such a way that you can end up seeing each packet TWICE on the snort interface. I've been told by our network engineers that this has to be the case in order for the IDS to see the networks it needs to on one card. i.e. src-ip->dst-ip SYN dst-ip->src-ip SYN-ACK actually looks like src-ip->dst-ip SYN src-ip->dst-ip SYN dst-ip->src-ip SYN-ACK dst-ip->src-ip SYN-ACK Anyway, I have no problem with that, and snort "seems" to be happy too. Can someone confirm that duplicate packets aren't a problem? That worst-case should be duplicate alerts? Thanks -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Any issues with dup packets on snort? Jason Haar (Nov 29)
- Re: Any issues with dup packets on snort? G Ramon Gomez (Nov 30)
- <Possible follow-ups>
- Re: Any issues with dup packets on snort? barryab63-ia (Nov 30)
- Re: Any issues with dup packets on snort? Richard Bejtlich (Nov 30)
- Re: Any issues with dup packets on snort? Jason Haar (Nov 30)