Re: snort and acid - Traffic Profile by Protocol doesnt update correctly

[sekure <sekure () gmail com>]

John,

Snort reports on ALL the traffic that it saw, so it's a pretty good
representation of your network traffic.  ACID reports on only what it
has in its database, so the percentages are a representation of the
type of traffic that caused the alerts.  So even if UDP makes up only
1% of your traffic, it's entirely possible that it is causing 80% of
all of your alerts, especially with the default snort config files.  I
suspect SNMP rules, if you are doing any sort of network monitoring.

HTH

On Sat, 11 Sep 2004 10:46:45 +0000, John Oost <johnoost () hotmail com> wrote:
> Thanks for the reply. If that's the case then it doenst work. The output
> from snort -v doesnt match the traffic bars in Acid. It seems it just
> doesn't update the traffic stats correctly. I already tried disabling the
> caching of IE but that didnt work either. Any ideas?


-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users