Snort mailing list archives

Re: BASE 100% TCP ?

From: Jeremy Hoel <jthoel () gmail com>
Date: Tue, 12 Mar 2013 17:39:45 +0000

Are you running a BPF with snort?

Do you see the scan on the local snort sensor with tcpdump?


On Tue, Mar 12, 2013 at 12:59 PM, Joao Daniel Neves
<joaodanielnevesss () hotmail com> wrote:

Snort Enthusiasts,

I have deployed a Snort with BASE as a GUI. I have attached the BASE Main
screen on this e-mail. If you cant see this jpg I have also upload to this
site
http://servicos.cafecomchips.com.br/Novo/Upload/Exibir_Foto.php?foto=b34243fef3.png

My doubt is  about something in base main screen. As you can see all my
traffic is TCP, I haven't any alerts for port scanner. Or even I don't have
any UDP traffic what is very stranger since there are DNS query going out
the interface that snort is listenning.

What can explaint it?

Further more I have ran port scanner against this snort and it seems that it
did not catch it*

*This snort was deployed on a Firewall machine and I ran the port scanner in
the same interface that snort is listenning, from a outside machine.



------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!


------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester  
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the  
endpoint security space. For insight on selecting the right partner to 
tackle endpoint security challenges, access the full report. 
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

BASE 100% TCP ? Joao Daniel Neves (Mar 12)
- Re: BASE 100% TCP ? Jeremy Hoel (Mar 12)
- Re: BASE 100% TCP ? Mike Miller (Mar 12)
  - Re: BASE 100% TCP ? Joao Daniel Neves (Mar 13)