[Snort-users] packet details not being saved
Bob Van Cleef
vancleef at ...211...
Thu Sep 21 20:09:39 EDT 2000
As part of a test I added the following two rules to the snort conf file.
alert TCP any any -> 18.104.22.168/32 any (msg: "NS5 Inbound Traffic"; )
alert TCP 22.214.171.124/32 any -> any any (msg: "NS5 Outbound Traffic"; )
These were triggered as desired:
[**] NS5 Inbound Traffic [**]
09/20-14:48:07.045308 126.96.36.199:20 -> 188.8.131.52:2087
TCP TTL:52 TOS:0x8 ID:28908 DF
******A* Seq: 0xE26833C5 Ack: 0x3BC30E Win: 0x7D78
[**] NS5 Outbound Traffic [**]
09/20-14:48:07.048422 184.108.40.206:2087 -> 220.127.116.11:20
TCP TTL:31 TOS:0x0 ID:3595 DF
******A* Seq: 0x3BC30E Ack: 0xE2683979 Win: 0x2238
However, no details were captured. I've seen other alerts where the
packet details were not captured in the data directory. What causes that?
My snort command line is:
usr/local/bin/snort -d -c /usr/local/lib/snort/vision.conf -i eth0
><> ><> ><> ><> ><> ><> ><> ><> ><> ><> ><> ><> ><>
Bob Van Cleef, Member of Technical Staff (408) 734-8100
MicroUnity Systems Engineering, Inc. FAX (408) 734-8136
475 Potrero Ave., Sunnyvale, CA 94086 vancleef at ...211...
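Added example, not code from the post or from the Snort project: a small Python parser for the classic four-line Snort alert format quoted above, run over the two alert blocks from the post. It pulls out the message, addresses, ports, IP header fields, the TCP flag letters and the Seq/Ack/Win values, then pairs the inbound packet with the outbound ACK that answers it and reports how many bytes that ACK acknowledges beyond the inbound Seq. This assumes the two alerts are the two directions of one connection (port 20 to 2087 and back, as the post shows) with no other segment in between; only the ports are compared, since the addresses in the archived post do not line up as a single flow. The dataclass and function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List

# The two alert blocks copied from the post above (Snort's classic text alert format).
SAMPLE_ALERTS = """\
[**] NS5 Inbound Traffic [**]
09/20-14:48:07.045308 126.96.36.199:20 -> 188.8.131.52:2087
TCP TTL:52 TOS:0x8 ID:28908 DF
******A* Seq: 0xE26833C5 Ack: 0x3BC30E Win: 0x7D78
[**] NS5 Outbound Traffic [**]
09/20-14:48:07.048422 184.108.40.206:2087 -> 220.127.116.11:20
TCP TTL:31 TOS:0x0 ID:3595 DF
******A* Seq: 0x3BC30E Ack: 0xE2683979 Win: 0x2238
"""


@dataclass
class TcpAlert:  # hypothetical name, chosen for this example
    msg: str
    timestamp: str
    src: str
    sport: int
    dst: str
    dport: int
    ttl: int
    tos: int
    ip_id: int
    df: bool
    flags: FrozenSet[str]  # flag letters present in the 8-character flags field
    seq: int
    ack: int
    win: int


# One regex per line of the alert block.
MSG_RE = re.compile(r"^\[\*\*\]\s*(.*?)\s*\[\*\*\]$")
ADDR_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)$")
IP_RE = re.compile(r"^TCP TTL:(\d+) TOS:0x([0-9A-Fa-f]+) ID:(\d+)(\s+DF)?$")
TCP_RE = re.compile(
    r"^([*12UAPRSF]{8}) Seq: 0x([0-9A-Fa-f]+) Ack: 0x([0-9A-Fa-f]+) Win: 0x([0-9A-Fa-f]+)$"
)


def parse_alert_block(block: str) -> TcpAlert:
    """Parse one four-line alert block; raise ValueError on anything unexpected."""
    lines = [ln for ln in block.strip().splitlines() if ln.strip()]
    if len(lines) < 4:
        raise ValueError("incomplete alert block")
    m_msg, m_addr = MSG_RE.match(lines[0]), ADDR_RE.match(lines[1])
    m_ip, m_tcp = IP_RE.match(lines[2]), TCP_RE.match(lines[3])
    if not (m_msg and m_addr and m_ip and m_tcp):
        raise ValueError("unrecognised alert block: " + lines[0])
    return TcpAlert(
        msg=m_msg.group(1),
        timestamp=m_addr.group(1),
        src=m_addr.group(2), sport=int(m_addr.group(3)),
        dst=m_addr.group(4), dport=int(m_addr.group(5)),
        ttl=int(m_ip.group(1)), tos=int(m_ip.group(2), 16),
        ip_id=int(m_ip.group(3)), df=m_ip.group(4) is not None,
        # Report only which flag letters are set; '*' marks a clear bit.
        flags=frozenset(c for c in m_tcp.group(1) if c != "*"),
        seq=int(m_tcp.group(2), 16), ack=int(m_tcp.group(3), 16),
        win=int(m_tcp.group(4), 16),
    )


def parse_alerts(text: str) -> List[TcpAlert]:
    """Split alert text into blocks (each starts at a '[**]' line) and parse each."""
    blocks, current = [], []
    for line in text.splitlines():
        if line.startswith("[**]") and current:
            blocks.append("\n".join(current))
            current = []
        if line.strip():
            current.append(line)
    if current:
        blocks.append("\n".join(current))
    return [parse_alert_block(b) for b in blocks]


def acked_bytes(data_pkt: TcpAlert, ack_pkt: TcpAlert) -> int:
    """Bytes ack_pkt acknowledges beyond data_pkt's Seq, modulo 2**32.

    Assumes both alerts are opposite directions of one connection and that no
    other segment was sent in between; only the port pair is checked because
    the addresses in the archived post do not match up.
    """
    if (data_pkt.sport, data_pkt.dport) != (ack_pkt.dport, ack_pkt.sport):
        raise ValueError("alerts are not opposite directions of one connection")
    return (ack_pkt.ack - data_pkt.seq) % (1 << 32)


if __name__ == "__main__":
    inbound, outbound = parse_alerts(SAMPLE_ALERTS)
    for a in (inbound, outbound):
        print(f"{a.msg}: {a.src}:{a.sport} -> {a.dst}:{a.dport} flags={sorted(a.flags)}")
    print("bytes acknowledged by the outbound ACK:", acked_bytes(inbound, outbound))
```

For the two alerts in the post the outbound Ack (0xE2683979) sits 1460 bytes past the inbound Seq (0xE26833C5), a typical full-size segment, so under the stated assumption the inbound packet carried payload and the outbound one is a bare ACK; that kind of cross-check is a quick way to tell, from the alert text alone, whether a given packet had application data for snort's -d option to dump.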