Snort mailing list archives
Re: ICMP AND UDP
From: "Sunil Kumar" <sunildolley () gmail com>
Date: Sat, 20 Jan 2007 23:47:34 +0300
Hi,

I am using Snort as an IDS to log. I can see only TCP logs, not ICMP and UDP, and I am not very familiar with Linux. To enable Snort to log ICMP and UDP, what kind of rules do I have to add? I am running Snort IDS on Redhat.

Waiting for your response.

Thanks,
Sunil Kumar

On 1/20/07, Joel Esler <joel.esler () sourcefire com> wrote:
> Snort will analyze all traffic by default. Do you have any udp and icmp traffic that could be triggering rules? Are you using Snort as a packet logger or an IDS? Do you have udp and icmp rules turned on? What does your Snort command line look like?
>
> Joel
>
> On Sat, Jan 20, 2007 at 04:22:26PM +0300, it looks like Sunil Kumar sent me:
> > Dear all,
> >
> > I was looking for how to log ICMP and UDP traffic on my Redhat SNORT.
> >
> > I am able to see only TCP logs, not ICMP AND UDP.
> >
> > If anyone knows, please post the procedure and configuration how to log ICMP and UDP packets on my SNORT IDS.
> >
> > Thanks
> >
> > Sunil
>
> +---------------------------------------------------------------------+
> joel esler   senior security consultant   1-706-627-2101
> gpg key: http://demo.sourcefire.com/jesler.pgp.key
> +---------------------------------------------------------------------+
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ICMP AND UDP Sunil Kumar (Jan 20)
- Re: ICMP AND UDP Joel Esler (Jan 20)
- Re: ICMP AND UDP Joel Esler (Jan 20)
- Re: ICMP AND UDP Sunil Kumar (Jan 20)
- Re: ICMP AND UDP Joel Esler (Jan 20)
- Re: ICMP AND UDP Joel Esler (Jan 20)