Snort mailing list archives
Re: search by port in ACID
From: Roelof JT Jonkman <roel () SiliconDefense com>
Date: Fri, 08 Mar 2002 15:26:15 -0800
Michael,
Is there a way to specify a port when doing a search in ACID? I want to search for all alerts going to destination ports 137 and 139 but the search page does not seem to have an option to search by port.
Isn't quite straightforward, however, on the main screen, select 'source ports' or 'destination ports', go to port 137 or 139, and click on the number that is under the column 'occurences'. That gives you a list of alerts for the chosen port. It quite what you're asking for, however it might do the job for you. Roel Jonkman Security Engineer http://www.SiliconDefense.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- search by port in ACID Michael Anderson (Mar 08)
- Re: search by port in ACID Roelof JT Jonkman (Mar 08)
- Re: search by port in ACID Mark Rowlands (Mar 09)
- <Possible follow-ups>
- Re: search by port in ACID Roman Danyliw (Mar 09)
- Re: search by port in ACID Roelof JT Jonkman (Mar 08)