AW: no portscan traffic

["Poppi, Sandro" <Sandro.Poppi () wacker com>]

Björn,

I suppose you're nmap'ing on the same host you configured snort to listen on
(e.g. eth0 with linux). Either configure snort to listen on the loopback
device (lo with linux) and namp localhost, or use another station in your
network to nmap your snort box. Make sure you don't have preprocessor
portscan-ignorehosts or portscan2-ignorehosts configured to ignore your nmap
box.

If your snort box is listening on a switch make sure to use a mirror/SPAN
port to receive all the traffic you expect it to receive.

HTH,
Sandro

> Hi all
>
> I use a Snort 1.9.1 and is working fine with ACID ACID v0.9.6b23
> Now I want understand how ACID display alerts... I used nmap 
> to get portscan traffic, but there is still no alert ( 0%) Is 
> there somehting wrong configured? Or has someone a manual to 
> easy understand the alerts?
>
>
> Björn Gosswiler
> Network / Security Engineer
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users