Snort mailing list archives
Snort startup log
From: Nathan Duval via Snort-users <snort-users () lists snort org>
Date: Mon, 7 Oct 2019 11:02:23 -0500
Hi, I am relatively new to Snort, and I was interested in this information in the startup log:

    [Rule Port Counts]
            tcp   udp  icmp    ip
    src      10    12     0     0
    dst      10    20     0     0
    any      10     6     5    11
    nc       10     3     7     5
    s+d      10     7     0     0

Though I wanted to make sure I am understanding this correctly. Based on what I have pasted above, it is stating that I have 10 rules with tcp as the source, and 10 with tcp as the dest? Also, I have 10 using tcp any, and 6 using udp any?

So, I am wondering if this is the correct interpretation of that data, but also I was looking for clarity on s+d and nc. Is s+d bidirectional rules? NC... rules with no content match? (just guessing =))

Thanks for any info!