[Snort-users] Help to run snort on linux machine

sri harsha harsha536 at ...11827...
Tue Mar 2 06:42:33 EST 2010

    I am not able to detect attack packets using snort on linux PC. I
installed snort on a linux PC. I'm using default configuration of
snort.conf. I'm sending attack packets from another linux machine with
destination as the snort installed PC. I'm using snot tool to send attack
packets. I observed the following alert message on the snort PC, when i sent
attack-response packets.

[**] [128:4:1] (spp_ssh) Protocol mismatch [**]
[Priority: 3]
03/02-11:00:08.532684 ->
TCP TTL:197 TOS:0x0 ID:5234 IpLen:20 DgmLen:763
1*U*P*S* Seq: 0xA34D20A2  Ack: 0x97C04470  Win: 0x4B58  TcpLen: 20  UrgPtr:

[**] [122:1:0] (portscan) TCP Portscan [**]
[Priority: 3]
03/02-11:00:08.532692 ->
PROTO:255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:155 DF

[**] [128:4:1] (spp_ssh) Protocol mismatch [**]
[Priority: 3]
03/02-11:00:14.590679 ->
TCP TTL:83 TOS:0x0 ID:50679 IpLen:20 DgmLen:406
1****RSF Seq: 0xD5A78410  Ack: 0xBE5E0E08  Win: 0x39F5  TcpLen: 20

[**] [128:4:1] (spp_ssh) Protocol mismatch [**]
[Priority: 3]
03/02-11:00:17.620154 ->
TCP TTL:252 TOS:0x0 ID:21173 IpLen:20 DgmLen:483
12U*P*S* Seq: 0xDB2FE072  Ack: 0x32A91A5C  Win: 0x8447  TcpLen: 20  UrgPtr:

Do i need to make any changes in the configuration of snort.conf? Thanks for
any help in advance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100302/73fe0650/attachment.html>

More information about the Snort-users mailing list