[Snort-users] Unknown POP3 Command
wkitty42 at ...14940...
Wed Jun 5 14:00:37 EDT 2013
On 6/5/2013 11:28, Josh Bitto wrote:
> The only problem with doing a pcap is we use pfsense (open source firewall) and
> it has snort built into it. There is a way to do a pcap for the offending IP’s,
> but doing it continuously isn’t going to happen. I’m already having memory
> issues with the amount of sensors we have and each one using a high amount of memory.

if snort has raised an alert, it has captured a pcap of the offending
packet(s)... by default, those are the snort.log.xxxxxxxxxxxxxxxx files where
the xes are all numbers... those numbers are the unix timestamp of the current
starting date and time of snort, IIRC...
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
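
Added example, not part of the original message or of Snort itself: a Python sketch that picks the snort.log.<timestamp> file covering a given alert time and checks that a file starts with a pcap magic number before it is opened in a packet tool. It assumes the numeric suffix is Snort's start time in Unix epoch seconds, as the reply describes; the file names and the alert time are constructed sample values.

```python
import re
import struct
from datetime import datetime, timezone

LOG_NAME = re.compile(r"^snort\.log\.(\d+)$")
# pcap magic numbers: microsecond and nanosecond timestamp variants
PCAP_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}

# Constructed sample directory listing and alert time (not from the thread)
SAMPLE_NAMES = ["alert", "snort.log.1370390400", "snort.log.1370449800",
                "snort.log.1370458800", "snort.log"]
SAMPLE_ALERT = datetime(2013, 6, 5, 18, 0, 37, tzinfo=timezone.utc)


def start_time(name):
    """Return the UTC time encoded in a snort.log.<epoch> name, or None."""
    m = LOG_NAME.match(name)
    if not m:
        return None
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)


def file_for_alert(names, alert_time):
    """Pick the log whose start time is the latest one not after the alert."""
    candidates = []
    for name in names:
        started = start_time(name)
        if started is not None and started <= alert_time:
            candidates.append((started, name))
    return max(candidates)[1] if candidates else None


def is_pcap(header):
    """True if the first 4 bytes are a pcap magic number in either byte order."""
    if len(header) < 4:
        return False
    little = struct.unpack("<I", header[:4])[0]
    big = struct.unpack(">I", header[:4])[0]
    return little in PCAP_MAGICS or big in PCAP_MAGICS


if __name__ == "__main__":
    print(file_for_alert(SAMPLE_NAMES, SAMPLE_ALERT))
    print(is_pcap(bytes.fromhex("d4c3b2a1")))
```

On a sensor, pass `os.listdir()` of the Snort log directory as `names` and the first four bytes of the chosen file to `is_pcap`.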