[Snort-users] ICMP AND UDP

Joel Esler joel.esler at ...1935...
Sat Jan 20 22:45:08 EST 2007


Please post your Snort command line.


On Sat, Jan 20, 2007 at 11:47:34PM +0300, it looks like Sunil Kumar sent me:
> 
>    Hi,
> 
>    i am using Snort as IDS to log ,
> 
>    i can see only tcp logs not icmp and udp,
> 
> 
> 
>    and am not much familier with linux,
> 
>    to enable snort to log icmp and utp ,what kind of rules i have to had,
> 
> 
> 
>    i am running Snort IDS on Redhat.
> 
> 
> 
>    waiting for you responce.
> 
> 
> 
>    Thanks
> 
> 
> 
>    Sunil Kumar
> 
> 
>    On 1/20/07, Joel Esler <[1]joel.esler at ...1935...> wrote:
> 
>      Snort will analyze all traffic by default.  Do you have any udp and
>      icmp traffic that could be triggering rules?
>      Are you using Snort as a packet logger or and IDS?
>      Do you have udp and icmp rules turned on?
>      What is your Snort command line look like?
>      Joel
>      On Sat, Jan 20, 2007 at 04:22:26PM +0300, it looks like Sunil Kumar
>      sent me:
>      >
>      >    Dear all,
>      >
>      >    I was looking for how to log ICMP and UDP traffic on my Redhat
>      SNORT.
>      >
>      >
>      >
>      >    I am able see only TCP logs not ICMP AND UDP.
>      >
>      >
>      >
>      >    If anyone know please post the procedure and configuration how
>      to log
>      >    ICMP and UDP packets on my SNORT IDS.
>      >
>      >
>      >
>      >    Thanks
>      >
>      >    Sunil
>      >
>      -------------------------------------------------------------------
>      ------
>      > Take Surveys. Earn Cash. Influence the Future of IT
>      > Join SourceForge.net's Techsay panel and you'll get the chance to
>      share your
>      > opinions on IT & business topics through brief surveys - and earn
>      cash
>      >
>      [2]http://www.techsay.com/default.php?page=join.php&p=sourceforge&C
>      ID=DEVDEV
>      > _______________________________________________
>      > Snort-users mailing list
>      > [3]Snort-users at lists.sourceforge.net
>      > Go to this URL to change user options or unsubscribe:
>      > [4]https://lists.sourceforge.net/lists/listinfo/snort-users
>      > Snort-users list archive:
>      > [5]http://www.geocrawler.com/redir-sf.php3?list=snort-users 
>      +------------------------------------------------------------------
>      ---+
>      joel esler          senior security consultant
>      1-706-627-2101
>              gpg key: [6]http://demo.sourcefire.com/jesler.pgp.key
>      +------------------------------------------------------------------
>      ---+
> 
> References
> 
>    1. mailto:joel.esler at ...1935...
>    2. http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>    3. mailto:Snort-users at lists.sourceforge.net
>    4. https://lists.sourceforge.net/lists/listinfo/snort-users
>    5. http://www.geocrawler.com/redir-sf.php3?list=snort-users
>    6. http://demo.sourcefire.com/jesler.pgp.key

> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




+---------------------------------------------------------------------+
joel esler          senior security consultant         1-706-627-2101
         gpg key: http://demo.sourcefire.com/jesler.pgp.key
+---------------------------------------------------------------------+




More information about the Snort-users mailing list