[Snort-users] spp_portscan

Erek Adams erek at ...577...
Mon Nov 13 23:58:09 EST 2000


	Is there any way to get spp_portscan to log packets when they are
flagged as a 'scan'?  As it stands now, all I'm getting is the line in
portcan.log.  There are many times I _think_ I would like to be able to see
the entire packet that triggered the alarm.  

	I guess this question really has three parts:  Can it be done?  Should
it be done?  Why not do it?

Erek Adams

More information about the Snort-users mailing list