[Snort-users] ssh-tunnel between sensor and database-server

Steffen Maetzky (extern) estm at ...11508...
Fri Aug 27 05:42:54 EDT 2004

I have build an ssh-tunnel between my snort-sensor and my
database-server and it seems to work.

I had like to control this with tcpdump and it shows something like

	"IP1".32817 > "IP2".22 
	"IP2".22 > "IP1".32817


I expect port 3306 instead of 32817 and that confuses me.

Can anyone explain me why 32817 is used?
Does ssh "hide" the source-port by using it?

Thanks in advance,


More information about the Snort-users mailing list