AW: [Snort-users] no portscan traffic

Poppi, Sandro Sandro.Poppi at ...3316...
Wed Apr 16 05:26:04 EDT 2003


Björn,

I suppose you're nmap'ing on the same host you configured snort to listen on
(e.g. eth0 with linux). Either configure snort to listen on the loopback
device (lo with linux) and namp localhost, or use another station in your
network to nmap your snort box. Make sure you don't have preprocessor
portscan-ignorehosts or portscan2-ignorehosts configured to ignore your nmap
box.

If your snort box is listening on a switch make sure to use a mirror/SPAN
port to receive all the traffic you expect it to receive.

HTH,
Sandro

> 
> Hi all
> 
> I use a Snort 1.9.1 and is working fine with ACID ACID v0.9.6b23
> Now I want understand how ACID display alerts... I used nmap 
> to get portscan traffic, but there is still no alert ( 0%) Is 
> there somehting wrong configured? Or has someone a manual to 
> easy understand the alerts?
> 
> 
> Björn Gosswiler
> Network / Security Engineer
> 
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list