[Snort-users] -S switch not always followed?

Michael Scheidell scheidell at ...5171...
Mon Mar 13 10:54:01 EST 2006

Tcpdump shows 'nessus_tcp_scanner' scanning ports and using source ip
not listed in -S switch.

Nessus 2.2.7, FBSD 4.11.

Nessus startup  nessus -a -S, -D

REAL ip address 
.64 and .65 are pingable aliases

Nessus.rc: built by deseleting all, selecting only nessus_tcp_scanner
and ping scan.

Under prefs, select tcp ping (built-in) and icmp scan (q 6)

Tcpdump shows icmp's being 'sourced' with .64,65, but shows portscanner
sourced at .133.

More information about the Snort-users mailing list