[Snort-users] packet details not being saved

Bob Van Cleef vancleef at ...211...
Thu Sep 21 20:09:39 EDT 2000


As part of a test I added the following two rules to the snort conf file.

alert TCP any any -> 192.86.6.101/32 any (msg: "NS5 Inbound Traffic"; )
alert TCP 192.86.6.101/32 any -> any any (msg: "NS5 Outbound Traffic"; )

Which were triggered as desired....

[**] NS5 Inbound Traffic [**]
09/20-14:48:07.045308 209.125.148.135:20 -> 192.86.6.101:2087
TCP TTL:52 TOS:0x8 ID:28908  DF
******A* Seq: 0xE26833C5   Ack: 0x3BC30E   Win: 0x7D78

[**] NS5 Outbound Traffic [**]
09/20-14:48:07.048422 192.86.6.101:2087 -> 209.125.148.135:20
TCP TTL:31 TOS:0x0 ID:3595  DF
******A* Seq: 0x3BC30E   Ack: 0xE2683979   Win: 0x2238

However, no details were captured. I've seen other alerts where the
packet details were not captured in the data directory.  What causes that?

My snort command line is:

usr/local/bin/snort -d -c /usr/local/lib/snort/vision.conf -i eth0 


Bob
><>  ><>  ><>  ><>  ><>  ><>  ><>  ><>  ><>  ><>  ><>  ><>  ><>
Bob Van Cleef, Member of Technical Staff         (408) 734-8100
MicroUnity Systems Engineering, Inc.         FAX (408) 734-8136
475 Potrero Ave., Sunnyvale, CA 94086   vancleef at ...211...
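
An added example, not part of the original post: a small parser for the plain-text alert records quoted above. Both TCP lines show only the ACK flag set, and `snort -d` dumps application-layer data, so a bare acknowledgement that carries no payload leaves nothing to print; the parser marks such records so they can be separated from alerts where a missing dump is worth chasing. The sample input is the two records from the post, constructed inline.

```python
import re

# Constructed sample: the two alert records quoted in the post above.
SAMPLE_ALERTS = """\
[**] NS5 Inbound Traffic [**]
09/20-14:48:07.045308 209.125.148.135:20 -> 192.86.6.101:2087
TCP TTL:52 TOS:0x8 ID:28908  DF
******A* Seq: 0xE26833C5   Ack: 0x3BC30E   Win: 0x7D78

[**] NS5 Outbound Traffic [**]
09/20-14:48:07.048422 192.86.6.101:2087 -> 209.125.148.135:20
TCP TTL:31 TOS:0x0 ID:3595  DF
******A* Seq: 0x3BC30E   Ack: 0xE2683979   Win: 0x2238
"""

# One regex per line of a four-line TCP alert record.
MSG_RE = re.compile(r"^\[\*\*\] (?P<msg>.+?) \[\*\*\]$")
HDR_RE = re.compile(r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")
IP_RE = re.compile(r"^TCP TTL:(?P<ttl>\d+) TOS:(?P<tos>0x[0-9A-Fa-f]+) ID:(?P<id>\d+)(?P<df>\s+DF)?$")
TCP_RE = re.compile(r"^(?P<flags>[*12UAPRSF]{8}) Seq: (?P<seq>0x[0-9A-Fa-f]+)\s+Ack: (?P<ack>0x[0-9A-Fa-f]+)\s+Win: (?P<win>0x[0-9A-Fa-f]+)$")
FLAG_NAMES = {"F": "FIN", "S": "SYN", "R": "RST", "P": "PSH", "A": "ACK", "U": "URG"}

def parse_flags(flag_str):
    """Return the TCP flags set, read by letter rather than by column, so the
    result does not depend on the column order a given Snort release prints."""
    return sorted(FLAG_NAMES[c] for c in flag_str if c in FLAG_NAMES)

def parse_alerts(text):
    """Parse blank-line-separated plain-text alert records into dicts."""
    alerts = []
    for block in text.strip().split("\n\n"):
        lines = [ln.rstrip() for ln in block.splitlines()]
        if len(lines) != 4:
            raise ValueError("unexpected record: %r" % block)
        m, h, ip, t = (r.match(ln) for r, ln in zip((MSG_RE, HDR_RE, IP_RE, TCP_RE), lines))
        if not (m and h and ip and t):
            raise ValueError("unparsed line in record: %r" % block)
        alerts.append({
            "msg": m["msg"], "ts": h["ts"], "src": h["src"], "sport": int(h["sport"]), "dst": h["dst"], "dport": int(h["dport"]),
            "ttl": int(ip["ttl"]), "tos": int(ip["tos"], 16), "id": int(ip["id"]), "df": ip["df"] is not None,
            "flags": parse_flags(t["flags"]), "seq": int(t["seq"], 16), "ack": int(t["ack"], 16), "win": int(t["win"], 16),
        })
    return alerts

def ack_only(alert):
    """True for a segment with only ACK set: a bare acknowledgement usually
    carries no application data, so there is nothing for -d to dump."""
    return alert["flags"] == ["ACK"]
```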