Snort mailing list archives
Tcpdump, alerts and portscans
From: "Jason Lewis" <jlewis () jasonlewis net>
Date: Sun, 24 Jun 2001 22:39:40 -0400
Maybe I have been looking at this too long and I am not seeing the obvious. Or, maybe I made an assumption about tcpdump.

I am replaying tcpdump files with snort and putting the info into ACID. I am not seeing any portscans in ACID after the replay. Is this normal? Is it just a configuration setting I have overlooked? I thought tcpdump held all the packet info and snort could replay it and identify portscans. Wrong?

On the box that is replaying the tcpdump files, I have the following:

    output database: log, mysql, dbname=snort_log user=snort host=localhost password=abc123
    output database: alert, mysql, dbname=snort_log user=snort host=localhost password=abc123

What am I missing?

Jason Lewis
http://www.packetnexus.com
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.