Dorian,

At a client site, I deployed bro alongside snort to alert on malicious and just plain "odd" dhcp traffic. It was a great way to detect rogue hosts on the network, rogue dhcp servers, rogue wi-fi access points, things like that.

I wouldn't call this "active scanning", it was certainly passive, but this did turn out to be an incredibly effective, and inexpensive, part of their security deployment.

MJ


On Tue, May 29, 2018 at 10:53 AM Joel Esler (jesler) via Snort-users <snort-users@lists.snort.org> wrote:
I am not exactly sure what you are asking for, but Snort is not an active scanner.


--
Joel Esler
Sr. Manager
Open Source, Design, Web, and Education
Talos Group
http://www.talosintelligence.com

On May 25, 2018, at 3:53 PM, Dorian ROSSE <dorianbrice@hotmail.fr> wrote:

Dear IT community,


How to launch snort as an all time scanner network for a DHCP network scan mode against Virus, Trojan, bad UDP, bad listener, bad program....?(because this server is for Snort ans Nagios)

Thank you in advance to answer my ask,

Regards.


Dorian Rosse.
_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette