[Snort-users] Unknown POP3 Command

waldo kitty wkitty42 at ...14940...
Wed Jun 5 14:00:37 EDT 2013


On 6/5/2013 11:28, Josh Bitto wrote:
> The only problem with doing a pcap is we use pfsense (open source firewall) and
> it has snort built into it. There is a way to do a pcap for the offending IPs,
> but doing it continuously isn’t going to happen. I’m already having memory
> issues with the amount of sensors we have and each one using a high amount of memory.

if snort has raised an alert, it has captured a pcap of the offending 
packet(s)... by default, those are the snort.log.xxxxxxxxxxxxxxxx files where 
the xes are all numbers... those numbers are the unix timestamp of the current 
starting date and time of snort, IIRC...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
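
Added example, not part of the original message: a small Python reader for the snort.log.<timestamp> files described in the reply, assuming they are in classic libpcap format and that the numeric suffix is Unix epoch seconds. The function names and the sample capture are constructed for illustration.

```python
import io
import re
import struct
from datetime import datetime, timezone

LOG_NAME = re.compile(r"^snort\.log\.(\d+)$")
# pcap magic bytes -> (struct byte order, divisor for the sub-second field)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),
}

def log_start_time(filename):
    """Return the UTC datetime encoded in a snort.log.<epoch> name, else None."""
    m = LOG_NAME.match(filename)
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc) if m else None

def read_packets(stream):
    """Yield (utc_time, captured_len, wire_len, data) per record in a pcap stream."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a libpcap capture file")
    order, frac = MAGICS[header[:4]]
    while True:
        rec = stream.read(16)
        if len(rec) < 16:
            return  # end of file, or a truncated record header
        sec, sub, caplen, wirelen = struct.unpack(order + "IIII", rec)
        data = stream.read(caplen)
        if len(data) < caplen:
            return  # file still being written or cut short
        ts = datetime.fromtimestamp(sec + sub / frac, tz=timezone.utc)
        yield ts, caplen, wirelen, data

def build_sample():
    """Constructed sample: one 8-byte packet in a little-endian pcap."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pkt = b"\x00" * 8
    rec = struct.pack("<IIII", 1370455237, 0, len(pkt), len(pkt))
    return io.BytesIO(hdr + rec + pkt)

if __name__ == "__main__":
    print(log_start_time("snort.log.1370455200"))
    for ts, caplen, wirelen, _ in read_packets(build_sample()):
        print(ts.isoformat(), caplen, wirelen)
```

To use it on a real sensor, open the log file in binary mode and pass the file object to `read_packets`; a `ValueError` means the file is not a libpcap capture.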



