[Snort-users] ICMP AND UDP

Joel Esler joel.esler at ...1935...
Sat Jan 20 11:42:34 EST 2007


s/is/does

What DOES your Snort command line look like?  Is UDP and ICMP being filtered before it hits your machine?
Are you sure your box is able to see UDP and ICMP traffic?
Are you using it on a span port or tap, or just sniffing from your local machine?

There are alot of different questions and variables that need to be answered.

J


On Sat, Jan 20, 2007 at 11:33:40AM -0500, it looks like Joel Esler sent me:
> Snort will analyze all traffic by default.  Do you have any udp and icmp traffic that could be triggering rules?
> Are you using Snort as a packet logger or and IDS?
> Do you have udp and icmp rules turned on?
> 
> What is your Snort command line look like?
> 
> Joel
> 
> 
> On Sat, Jan 20, 2007 at 04:22:26PM +0300, it looks like Sunil Kumar sent me:
> > 
> >    Dear all,
> > 
> >    I was looking for how to log ICMP and UDP traffic on my Redhat SNORT.
> > 
> > 
> > 
> >    I am able see only TCP logs not ICMP AND UDP.
> > 
> > 
> > 
> >    If anyone know please post the procedure and configuration how to log
> >    ICMP and UDP packets on my SNORT IDS.
> > 
> > 
> > 
> >    Thanks
> > 
> >    Sunil
> 
> > -------------------------------------------------------------------------
> > Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to share your
> > opinions on IT & business topics through brief surveys - and earn cash
> > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> 
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> 
> 
> +---------------------------------------------------------------------+
> joel esler          senior security consultant         1-706-627-2101
>          gpg key: http://demo.sourcefire.com/jesler.pgp.key
> +---------------------------------------------------------------------+
> 
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 



+---------------------------------------------------------------------+
joel esler          senior security consultant         1-706-627-2101
         gpg key: http://demo.sourcefire.com/jesler.pgp.key
+---------------------------------------------------------------------+




More information about the Snort-users mailing list