Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Portscan2...

From: Alberto Gonzalez <albertg () wwjh net>
Date: Sat, 22 Mar 2003 15:44:43 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1




--[PinePGP]--------------------------------------------------[begin]--

What you can do is the following

/usr/sbin/snort -o -i eth0 -c /etc/snort/snort.conf -F /etc/snort/scan.bpf

[... OR ...]

/usr/sbin/snort -i -i eth0 -c /etc/snort/snort.conf not host 111.222.333.444 && not port (53 or 5060)

Either way, it should work.

 Cheers!
 Alberto Gonzalez


First off.... penalty drink for replying to my own post..... *drinks*

i forgot the single quotes on the command line, sowry :-)

 Cheers,
 Alberto Gonzalez

Off to watch some movies.. 

- -- 
"Success comes to the person who does today, what you are thinking of doing tomorrow." 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+fMs+a3vAB/3yp/IRApbAAKCrB8EppwzgKjdvaeVHp2oDGNtdcQCeP9Tg
mw/L7vwmYt7cvv+IdWSOwz8=
=9aHQ
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open! 
Get cracking and register here for some mind boggling fun and 
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: