Snort mailing list archives

Re: ICMP AND UDP

From: Joel Esler <joel.esler () sourcefire com>
Date: Sat, 20 Jan 2007 11:33:40 -0500

Snort will analyze all traffic by default.  Do you have any udp and icmp traffic that could be triggering rules?
Are you using Snort as a packet logger or and IDS?
Do you have udp and icmp rules turned on?

What is your Snort command line look like?

Joel


On Sat, Jan 20, 2007 at 04:22:26PM +0300, it looks like Sunil Kumar sent me:


   Dear all,

   I was looking for how to log ICMP and UDP traffic on my Redhat SNORT.



   I am able see only TCP logs not ICMP AND UDP.



   If anyone know please post the procedure and configuration how to log
   ICMP and UDP packets on my SNORT IDS.



   Thanks

   Sunil

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





+---------------------------------------------------------------------+
joel esler          senior security consultant         1-706-627-2101
         gpg key: http://demo.sourcefire.com/jesler.pgp.key
+---------------------------------------------------------------------+

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ICMP AND UDP Sunil Kumar (Jan 20)
- Re: ICMP AND UDP Joel Esler (Jan 20)
  - Re: ICMP AND UDP Joel Esler (Jan 20)
  - Re: ICMP AND UDP Sunil Kumar (Jan 20)
    - Re: ICMP AND UDP Joel Esler (Jan 20)