Snort mailing list archives
Stream 5 max_queued_bytes explanation
From: Christian T <christian.snort () gmail com>
Date: Fri, 6 Jan 2012 10:18:32 +1100
Hi, Hoping someone could clarify max_queued_bytes - testing isn't proving successful. Snort manual states: max queued bytes <bytes> Limit the number of bytes queued for reassembly on a given TCP session to bytes. Default is ”1048576” (1MB). A value of ”0” means unlimited, with a non-zero minimum of ”1024”, and a maximum of ”1073741824” (1GB).A message is written to console/syslog when this limit is enforced Sample console message: S5: Session exceeded configured max bytes to queue 1048576 using 1048670 bytes (client queue). 10.0.0.1 2146 --> 10.0.0.2 8080 (0) : LWstate 0x9 LWFlags 0x6007 Trying to understand the exact outcomes from setting the max_queued_bytes parameter for Stream5 TCP reassembly viz. does the limit on queued bytes affect every reassembled stream, or is it more complicated than that? e.g. will every reassembled stream be flushed once it reaches 1MB in size (at default setting), thus limiting the depth a reassembled stream will be checked? Or are queued bytes something else? Cheers, Christian
------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Stream 5 max_queued_bytes explanation Christian T (Jan 06)