Snort mailing list archives
Re: Portscan traffic
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 17 Mar 2003 18:30:06 -0500
The portscan alerts are generated by a preprocessor.. it doesn't log packets, just the fact that a threshold was crossed.
If it were to log packets, it would have to store them all prior to logging (because it would have to wait until the threshold was crossed).. this would take an absurd amount of memory to do on a large network.
At 01:06 PM 3/17/2003 -0800, Alwin Raymundo wrote:
Hi Guys, I need your help once again. I installed Snort, Barnyard and acid. Now my question is: is there any procedure by which I can view my portscan traffic? I can view the TCP, UDP, ICMP, but cannot view portscan traffic. BTW I'm using redhat 7.3. Any help would be highly appreciated. Thanks
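Added illustration, not part of the original thread and not Snort's preprocessor code: a minimal threshold detector showing why the resulting alert records only that a threshold was crossed, with no packet contents to display. The class name, the 4-targets-in-3-seconds threshold and the sample packets are constructed assumptions.

```python
from collections import defaultdict, deque

class ThresholdScanDetector:
    """Alert once per source that touches >= max_ports distinct (dst, port)
    pairs within `window` seconds. Hypothetical sketch, not Snort's code."""
    def __init__(self, max_ports=4, window=3.0):
        self.max_ports, self.window = max_ports, window
        self.recent = defaultdict(deque)   # src -> (ts, dst, dport) tuples only
        self.alerted = set()
        self.payload_bytes_dropped = 0     # what packet logging would have had to buffer

    def observe(self, ts, src, dst, dport, payload=b""):
        # The payload is counted and discarded: before the threshold is crossed
        # there is no way to know this packet will belong to a scan.
        self.payload_bytes_dropped += len(payload)
        q = self.recent[src]
        q.append((ts, dst, dport))
        while ts - q[0][0] > self.window:  # expire entries outside the window
            q.popleft()
        targets = {(d, p) for _, d, p in q}
        if len(targets) >= self.max_ports and src not in self.alerted:
            self.alerted.add(src)
            # The alert carries the event, not the packets that caused it.
            return {"ts": ts, "src": src, "distinct_targets": len(targets)}
        return None

    def state_entries(self):
        return sum(len(q) for q in self.recent.values())

# Constructed sample traffic: (timestamp, src, dst, dst_port, payload)
PACKETS = [
    (0.0, "10.0.0.9", "192.168.1.10", 80, b"x" * 1400),
    (0.1, "10.0.0.5", "192.168.1.10", 21, b"x" * 60),
    (0.2, "10.0.0.5", "192.168.1.10", 22, b"x" * 60),
    (0.3, "10.0.0.9", "192.168.1.10", 80, b"x" * 1400),
    (0.4, "10.0.0.5", "192.168.1.10", 23, b"x" * 60),
    (0.5, "10.0.0.5", "192.168.1.10", 25, b"x" * 60),
    (0.6, "10.0.0.5", "192.168.1.10", 80, b"x" * 60),
    (5.0, "10.0.0.9", "192.168.1.10", 80, b"x" * 1400),
]

def run(packets, **kw):
    det = ThresholdScanDetector(**kw)
    alerts = [a for p in packets if (a := det.observe(*p))]
    return alerts, det

if __name__ == "__main__":
    alerts, det = run(PACKETS)
    print(alerts)
    print(det.state_entries(), "tuples kept;", det.payload_bytes_dropped, "payload bytes not stored")
```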