Snort mailing list archives

Re: how enable icmp snort-2.9.6.1


From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 18 Jun 2014 14:15:22 -0400

On 6/18/2014 7:19 AM, hernani wrote:

On 17-06-2014 18:17, waldo kitty wrote:
On 6/17/2014 9:03 AM, hernani wrote:
[...]
*so snort detect icmp but not put in BASE*

can someone help me??
please, have you read and followed up on the other list replies to your queries?
have you created the necessary stream5_icmp section?

hello,

yes i create stream5_icmp

ok...

were is the snort.conf

please do not see me as a butt but the following is not complete...

preprocessor stream5_global: track_tcp yes, \
     track_udp yes, \
     track_icmp yes, \
     max_tcp 262144, \
     max_udp 131072, \
     max_active_responses 2, \
     min_response_seconds 5
preprocessor stream5_icmp:

but no udp and icmp alerts are shown in BASE.

again, please post /all/ of your stream5 settings section... that could be 5 
sections... global, tcp, udp, icmp and ip...

also, look here and tell us what you are missing in the above icmp section ;)

http://manual.snort.org/node75.html

-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.
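
An added example, not part of the original message and not Snort's own code: a small Python check that lists which of the stream5 sections named in the reply (global, tcp, udp, icmp, ip) appear in a snort.conf and whether each carries any options. The sample text is the fragment quoted in the thread; the function names are made up for this example.

```python
import re

PROTOCOLS = ("tcp", "udp", "icmp", "ip")

# The fragment quoted in the thread (incomplete, as the reply points out).
SAMPLE = r"""
preprocessor stream5_global: track_tcp yes, \
     track_udp yes, \
     track_icmp yes, \
     max_tcp 262144, \
     max_udp 131072, \
     max_active_responses 2, \
     min_response_seconds 5
preprocessor stream5_icmp:
"""

def stream5_sections(conf_text):
    """Map each stream5_<name> preprocessor line to its list of options."""
    # snort.conf continues a directive across lines with a trailing backslash.
    joined = re.sub(r"\\[ \t]*\r?\n", " ", conf_text)
    sections = {}
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"preprocessor\s+stream5_(\w+)\s*:?\s*(.*)$", line)
        if m:
            opts = [o.strip() for o in m.group(2).split(",") if o.strip()]
            sections.setdefault(m.group(1), []).extend(opts)
    return sections

def audit(conf_text):
    """Return {proto: (track_<proto> value or None, section state)}."""
    sections = stream5_sections(conf_text)
    global_opts = {}
    for opt in sections.get("global", []):
        parts = opt.split(None, 1)
        if len(parts) == 2:
            global_opts[parts[0]] = parts[1]
    report = {}
    for proto in PROTOCOLS:
        if proto not in sections:
            state = "missing"
        elif not sections[proto]:
            state = "present, no options"
        else:
            state = "configured"
        report[proto] = (global_opts.get("track_" + proto), state)
    return report

if __name__ == "__main__":
    for proto, (tracked, state) in audit(SAMPLE).items():
        print(f"stream5_{proto}: track={tracked} section={state}")
```

Pass the contents of the full snort.conf to `audit()` to see the same report for a complete configuration.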
