Snort mailing list archives

Re: how enable icmp snort-2.9.6.1


From: James Lay <jlay () slave-tothe-box net>
Date: Mon, 16 Jun 2014 11:02:16 -0600

On 2014-06-16 10:26, hernani wrote:
Hello,
 I forgot the error:

 WARNING: Stream5 ICMP misconfigured (policy 0).
 Jun 16 17:20:04 hernani snort[23563]: ERROR: Stream5 not properly configured... exiting

 hernani
 thanks

On 16-06-2014 17:07, hernani wrote:

hello,

How can I enable ICMP in snort-2.9.6.1?

I changed
preprocessor stream5_global: track_tcp yes,
track_udp yes,
track_icmp no, ------> TRACK_ICMP YES, and Snort does not start.

Can someone help me?

thanks

hernani coelho

Per the docs:

ICMP Configuration
------------------
NOTE: ICMP is currently untested, in minimal code form and is NOT ready
for use in production networks.  It is not turned on by default.

Configuration for ICMP session tracking.  Since there is no target based
binding, there should be only one occurrence of the ICMP configuration.
- Preprocessor name: stream5_icmp
- Options:
     timeout <number (secs)> - Session timeout.  The default is "30", the
                               minimum is "1", and the maximum is "86400"
                               (approximately 1 day).



Add a corresponding stream5_icmp entry and see what happens.

James
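
Added example (not part of the original message and not Snort's own code): a small Python check for the mismatch behind this error, a protocol switched on in stream5_global with no matching stream5_<proto> preprocessor line. It assumes the same pairing applies to TCP and UDP, only looks at track_* options that are written out explicitly, and uses constructed sample configs.

```python
import re
import sys

PROTOS = ("tcp", "udp", "icmp")

def logical_lines(text):
    """Yield config lines with '#' comments dropped and '\\' continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""

def stream5_mismatches(conf_text):
    """Protocols with 'track_<proto> yes' but no 'preprocessor stream5_<proto>'."""
    tracked, configured = set(), set()
    for line in logical_lines(conf_text):
        m = re.match(r"preprocessor\s+stream5_(\w+)\s*:?\s*(.*)", line)
        if not m:
            continue
        name, opts = m.groups()
        if name == "global":
            for proto, val in re.findall(r"track_(tcp|udp|icmp)\s+(yes|no)", opts):
                (tracked.add if val == "yes" else tracked.discard)(proto)
        elif name in PROTOS:
            configured.add(name)
    return sorted(tracked - configured)

# Constructed sample modelled on the change described in the thread.
BROKEN = r"""
preprocessor stream5_global: track_tcp yes, \
   track_udp yes, \
   track_icmp yes
preprocessor stream5_tcp: policy windows
preprocessor stream5_udp: timeout 180
"""
FIXED = BROKEN + "preprocessor stream5_icmp: timeout 30\n"

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BROKEN
    for proto in stream5_mismatches(text):
        print(f"track_{proto} yes but no 'preprocessor stream5_{proto}' line")
```

Run it with the path to snort.conf as the only argument; no output means every explicitly tracked protocol has its own stream5 entry.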

