[Snort-users] No UDP by nmap scan

tino.brandt at ...1820... tino.brandt at ...1820...
Sat May 25 08:36:12 EDT 2002


Hello,

I am running snort-1.8.6 (with mysql and openssl support)  on a SuSe 7.3, libpcap 0.7.1, tcpdump-3.7.1 with
ACID and MySQL. eth1 is on a public side (hooked up to a cisco switch).
command used:

/usr/local/bin/snort -i eth1 -c /usr/local/snort/snort.conf -D -l /var/log/snort

eth1 is brought up by:
ifconfig eth1 promisc up
with no IP assigned.

I can see alerts (spp_portscan) coming from the TCP and (ICMP) side, but no UDP packets (nmap -sU ..).

What is the Problem?


Thanks in advance,
Tino


More information about the Snort-users mailing list