[Snort-users] rule does not alert from nmap

repniksz at ...13889...
Thu Aug 17 11:10:56 EDT 2006


Hi, 
I've written a very simple rule:

alert tcp any any -> any 80 (msg: "SYN on 80 port" ; flags: S; ) 

I started testing; first of all I used just a simple browser to get a
page from there, and the rule was working.
But afterwards I tried using Nmap in a few ways:

nmap -sS -P0 -p 80 195.xxx.xxx.xxx 
nmap -P0 -p 80 195.xxx.xxx.xxx 
nmap --scanflags syn -P0 -p 80 195.xxx.xxx.xxx

All of them sent a SYN to port 80.
I checked with Ethereal.
But there was nothing in the alert file.
What's wrong?


Regards