AW: portscan traffic

["Poppi, Sandro" <Sandro.Poppi () wacker com>]

Eduard,

first of all you'll have to activate the portscanning preprocessor in your
snort.conf (take a look at the shipped snort.conf where good explanations
are included, or use the Snort User's Manual and the FAQs for more info on
that). Then use nmap (www.insecure.orgt/nmap) to scan systems located where
snort listens (BTW, fyodor just released nmap 3.00 a few minutes ago! If
www.insecure.org doesn't work try using the ip# in the hope dns entry is not
spoofed 8).

HTH,
Sandro
> I'm running Snort+ACID+Postgresql and I'd like to know if snort is 
> dtecting portscan traffic, because I see lots of alerts, but none 
> related to portscan traffic. What should I do to test that snort is 
> detecting portscan traffic?.
> Thanks in advance
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: Dice - The leading online job board
> for high-tech professionals. Search and apply for tech jobs today!
> http://seeker.dice.com/seeker.epl?rel_code=31
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users