No UDP by nmap scan

[tino.brandt () t-online de]

Hello,

I am running snort-1.8.6 (with mysql and openssl support)  on a SuSe 7.3, libpcap 0.7.1, tcpdump-3.7.1 with
ACID and MySQL. eth1 is on a public side (hooked up to a cisco switch).
command used:

/usr/local/bin/snort -i eth1 -c /usr/local/snort/snort.conf -D -l /var/log/snort

eth1 is brought up by:
ifconfig eth1 promisc up
with no IP assigned.

I can see alerts (spp_portscan) coming from the TCP and (ICMP) side, but no UDP packets (nmap -sU ..).

What is the Problem?


Thanks in advance,
Tino