[Snort-users] BASE 1.0.2 Unexpected Result /Inconsistency

Briggs, Bruce Bruce.Briggs at ...13183...
Mon Mar 28 12:06:43 EST 2005

1. select an alert Signature from the list.
    you get a detail list of the alert packets
2. select Unique Addresses   Destination
    you get a list of destination IP addrs and packet counts
3. select one of the addresses by clicking on the appropriate IP Address
    the value listed in Occurrences as Dest. is the count of all packets
for that IP addr in the database, not those for   this specific alert
4. select the count field.
    the list displays only packets for the alert Signature for that IP

I would expect consistency.
a) I should get a count in 3. above of only packets from that IP addr
matching the alert Signature, because that is the list that is displayed
in 4.
- or -
b) in 4. above, I should get all packets matching that IP addr.

My preference is for b).


More information about the Snort-users mailing list