[Snort-users] @portscan log not showing all decoys

anagha b banagha3 at ...11827...
Tue Nov 19 07:27:06 EST 2013


My sfportscan setting is as follows

preprocessor sfportscan: proto { all }  scan_type { all } sense_level { low
} logfile { /var/log/snort/portscan.log }

I tried to nmap decoy scan on host 192.168.X.1  from 192.168.X.2

nmap -D ** 192.168.X.2  [*firewall Disable* on
both the hosts]

The portscan log is ->

Time: 11/19-16:59:27.309554
event_ref: 0
192.168.x.2 -> 192.168.x.1 (portscan) TCP Portscan
Priority Count: 9
Connection Count: 9
IP Count: 9
Scanner IP Range:
Port/Proto Count: 5
Port/Proto Range: 135:3389

* only one first  decoy ip shown not other decoys.*

*Is their any other way to get decoy ips and I am missing something?*
*snort.log file  is empty always.*
*plz help.*

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20131119/6a2e3e2a/attachment.html>

More information about the Snort-users mailing list