TCP PORTSCAN - log all packets?

[Daniel Rocha <listas.dl () gmail com>]

I am running snort 2.3.0 (Build 10) and in my snort.conf i enabled:
"output log_tcpdump: tcpdump.log" to log in binary tcpdump mode.

I am having a problem when i run a tcp portscan (and other types). I
need to see all packets relative with the portscan in the log, and
just two packets are logged, like:

16:13:10.119122 IP 192.168.254.2 > 192.168.254.7: icmp 8: echo request seq 0
16:13:10.451484 IP 192.168.254.2 > 192.168.254.7:  raw 147

And the alert file show:

[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
06/06-16:13:10.119122 192.168.254.2 -> 192.168.254.7
ICMP TTL:48 TOS:0x0 ID:52088 IpLen:20 DgmLen:28
Type:8  Code:0  ID:2209   Seq:0  ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [122:1:0] (portscan) TCP Portscan [**]
06/06-16:13:10.451484 192.168.254.2 -> 192.168.254.7
RAW TTL:0 TOS:0x0 ID:22633 IpLen:20 DgmLen:167 DF

Anyone knows how can i log all packets?


-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users