[Snort-users] search by port in ACID

Roelof JT Jonkman roel at ...47...
Fri Mar 8 15:27:03 EST 2002


Michael,

> Is there a way to specify a port when doing a search in ACID?  I want to search for all alerts going to destination ports 137 and 139 but the search page does not seem to have an
> option to search by port.

Isn't quite straightforward, however, on the main screen, select 'source ports' 
or 'destination ports', go to port 137 or 139, and click on the number
that is under the column 'occurences'.

That gives you a list of alerts for the chosen port. It quite what you're asking
for, however it might do the job for you.

Roel Jonkman
Security Engineer
http://www.SiliconDefense.com






More information about the Snort-users mailing list