I would prefer an ascii dump over a pcap of a single packet. As long as
you include header info in the copy and paste.
I would imagine that's the concensus, for a single packet at least.
As for the usefulness, I'm sure Brian and crew takt that info in and use
it but might not always respond. It's definitely useful. On the
bleedingsnort side, unless it's a quick no0brainer fix we generally
funnel the FP over to the original author and a fix or tweak almost
always comes back.
So the effort is definitely appreciated. We'll try to let you know if
what you've sent in did the trick more often. :)
Matt
Russell Fulton wrote:
Thanks Matt & Janson for responses: This has confirmed what I had
thought. Methods of reporting by order of usefulness:
1/ tcpdump of whole session
2/ tcpdump of single packet
3/ Ascii/hex dump of packet from Acid/or whatever.
Is there much difference between 2 and 3? Given that 3 is much easier to
obtain.
When should I resort to getting full dumps of the streams?
I have reported FPs on many occasions before (although not lately) and
never had any feed back. I appreciate that folk are busy doing
productive stuff but I have been left wondering if it is worth my time
and if I am sending in the "right stuff".
I'd be happy if I got an occasional "Thanks, this is useful" or "Thanks,
but what I really need....".
-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
