Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Minimal configuration port scanning

From: "Kevin Reiter" <KReiter () insidefsi net>
Date: Fri, 30 Mar 2007 17:33:06 -0400
-----Original Message-----
From: snort-users-bounces () lists sourceforge net
[mailto:snort-users-bounces () lists sourceforge net]On Behalf Of Josep
Pujadas i Jubany
Sent: Friday, March 30, 2007 5:17 PM
To: SNORT
Subject: Re: [Snort-users] Minimal configuration port scanning


On Fri, 30 Mar 2007 13:04:11 -0400, Joel Esler wrote 

There is extensive documentation on the sfportscan preprocessor in the 

docs/ directory that came with your Snort software. 

 
Look for README.sfportscan 
 

 
+---------------------------------------------------------------------+ 



Joel,



I read it before ...



Is there any form to test if sfportscan is working?



It seems like not working for my snort.



Thanks,



Josep Pujadas


Portscan your snort sensor and check out the results.  I use a quick nmap scan to test this:

# nmap -v -v -sS -P0 -p1-65535 {snort IP}

Also make sure you specify the logfile to use to log the portscans, and make sure Snort is able to read/write to the 
logfile.

HTH
Kevin


Kevin Reiter
Senior Security Engineer
Financial Services, Inc.
21 Harristown Road
Glen Rock, New Jersey 07452
(201)652-6000, ext. 588
PGP ID: 0xEE665233

This message may contain confidential or proprietary information and is intended solely for the individual(s) to whom 
it is addressed.  If you are not a named addressee you should not disseminate, distribute or copy this e-mail or act 
upon the information contained herein.  Please notify the sender immediately by e-mail if you have received this e-mail 
by mistake and delete this e-mail from your system.


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: