Snort mailing list archives

Re: Unknown POP3 Command


From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 05 Jun 2013 14:00:37 -0400

On 6/5/2013 11:28, Josh Bitto wrote:
> The only problem with doing a pcap is we use pfsense (open source firewall) and
> it has snort built into it. There is a way to do a pcap for the offending IPs,
> but doing it continuously isn’t going to happen. I’m already having memory
> issues with the amount of sensors we have and each one using a high amount of memory.

if snort has raised an alert, it has captured a pcap of the offending 
packet(s)... by default, those are the snort.log.xxxxxxxxxxxxxxxx files where 
the xes are all numbers... those numbers are the unix timestamp of the current 
starting date and time of snort, IIRC...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
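
An added example, not part of the original message: it decodes the numeric suffix of a `snort.log.<digits>` file as a Unix time and pulls one source IP's packets out of the capture, assuming the file really is pcap and the link type is Ethernet. The function names and the in-memory sample capture are constructed for illustration.

```python
import datetime
import struct

# pcap magic bytes -> struct byte order (microsecond and nanosecond variants)
PCAP_MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
              b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def snort_log_start(filename):
    """Decode the numeric suffix of snort.log.<digits> as a UTC Unix time."""
    prefix, _, suffix = filename.rpartition(".")
    if prefix != "snort.log" or not suffix.isdigit():
        return None
    return datetime.datetime.fromtimestamp(int(suffix), datetime.timezone.utc)

def packets_from(data, src_ip):
    """Return (ts_sec, captured_len) for IPv4-over-Ethernet packets sent by src_ip."""
    order = PCAP_MAGIC.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a pcap file (some other Snort output format?)")
    if struct.unpack(order + "I", data[20:24])[0] != 1:  # 1 = LINKTYPE_ETHERNET
        raise ValueError("this example only handles Ethernet captures")
    want = bytes(int(octet) for octet in src_ip.split("."))
    hits, off = [], 24                      # records start after the 24-byte header
    while off + 16 <= len(data):
        ts_sec, _, incl_len, _ = struct.unpack(order + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # EtherType 0x0800 at bytes 12-13, IPv4 source address at bytes 26-29
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00" and frame[26:30] == want:
            hits.append((ts_sec, incl_len))
    return hits

def _frame(src, dst):
    """Constructed minimal Ethernet + IPv4 header (no payload, zeroed fields)."""
    addr = lambda ip: bytes(int(octet) for octet in ip.split("."))
    return b"\x00" * 12 + b"\x08\x00" + b"\x45" + b"\x00" * 11 + addr(src) + addr(dst)

def _record(ts, frame):
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

# Constructed two-packet capture using documentation-range addresses
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _record(1370455201, _frame("192.0.2.10", "198.51.100.7"))
          + _record(1370455202, _frame("198.51.100.7", "192.0.2.10")))

if __name__ == "__main__":
    print(snort_log_start("snort.log.1370455200"))
    print(packets_from(SAMPLE, "192.0.2.10"))
```

The magic-number check is the useful part on a sensor: a file that fails it was not written in pcap format and needs a different reader.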
