Snort mailing list archives
ACID / SnortSnarf
From: "Fred McFeeters" <nfolink () hotmail com>
Date: Sun, 25 Jan 2004 00:57:03 -0600
Hello I currently have working 2 snort sensors one on my firewall and one inside the firewall with a MySql and web server with acid on another pc. Now I have seen snortsnarf and thought it was pretty lame but it did do one thing I can't figure out how to do in acid. When it detected a port scan snortsnarf allows me to see every port that they tried to connect to I get a list of there scan so I can get some kind of idea what they where looking for. Any one knows how to do this with acid when my sensors are located on sepearte machines so I don't have access to the portscan.log file.
Current thread:
- ACID / SnortSnarf Fred McFeeters (Jan 27)