Re: SMB PREPROCESSOR

["Al Lewis \(allewi\) via Snort-users" <snort-users () lists snort org>]

Can you share the rule, the conf file and pcap?

It may be easier to help if you show what your working with.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com<mailto:allewi () cisco com>


From: Snort-users <snort-users-bounces () lists snort org> on behalf of sec hot via Snort-users <snort-users () lists 
snort org>
Reply-To: sec hot <sechot44 () gmail com>
Date: Monday, December 31, 2018 at 2:55 PM
To: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: [Snort-users] SMB PREPROCESSOR

Hi
How preprocessor work?
I create smb rule that detect content in smb packet, for some reason the rule is not trigger all time, i am send the 
same packet over and over and only for the third time the rule is trigger, is it related to the smb pre process? Why is 
that?

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette