Snort mailing list archives
No TCP alerts, only UDP and ICMP
From: Y M <snort () outlook com>
Date: Mon, 10 Dec 2012 17:41:15 +0300
I have a Snort sensor that sees all traffic (TCP, UDP, ICMP) but alerts on UDP and ICMP only and not TCP. I verified that the interface is getting TCP packets through tcpdump and also verified that Snort processes TCP packets by running Snort in verbose mode (-v) as well as the statistics from Snort when it stops. However, no TCP alerts get generated when running Snort to dump the packets (-b) or the usual unified2 output. The ruleset (generated with PulledPork) has many TCP rules plus several custom ones. Has anyone faced a similar situation?

Thanks.
YM