[Snort-users] Re: I don't get any alerts when reading from file.
This is a discussion on [Snort-users] Re: I don't get any alerts when reading from file. within the Snort forums, part of the System Security and Security Related category; You are absolutely right! I could kiss you! Hell, I'm so happy I could kiss everybody!!!That was exactly ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-04-2004
|
|||
|
|||
[Snort-users] Re: I don't get any alerts when reading from file.
You are absolutely right! I could kiss you! Hell, I'm so happy I could
kiss everybody!!!That was exactly the problem. The packets I was generating had all checksums set to 0, because when I was reading the various protocols each said that a checksum of 0 means that no checksum is generated. It never occured to me that snort might reject such packets.Thanks a bunch to everyone! You've been great help! > Do the packets that you created have the correct checksums - IP, and > tcp/udp/icmp? If the checksums are not correct, you may not get > alerts. It looks like there is a configure option : > > config checksum_mode : none > > that will turn off validating checksums. > > Judy ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
