[Snort-users] BASE 1.0.2 Unexpected Result /Inconsistency
Bruce.Briggs at ...13183...
Mon Mar 28 12:06:43 EST 2005
1. select an alert Signature from the list.
   you get a detail list of the alert packets
2. select Unique Addresses Destination
   you get a list of destination IP addrs and packet counts
3. select one of the addresses by clicking on the appropriate IP Address
   the value listed in Occurrences as Dest. is the count of all packets
   for that IP addr in the database, not those for this specific alert
4. select the count field.
   the list displays only packets for the alert Signature for that IP

I would expect consistency.

a) I should get a count in 3. above of only packets from that IP addr
   matching the alert Signature, because that is the list that is displayed
- or -
b) in 4. above, I should get all packets matching that IP addr.

My preference is for b).