Snort mailing list archives
Re: search by port in ACID
From: Mark Rowlands <fuc952d () tninet se>
Date: Sat, 9 Mar 2002 23:20:18 +0100
On Saturday 09 March 2002 12:26 am, Roelof JT Jonkman wrote:
Michael,Is there a way to specify a port when doing a search in ACID? I want to search for all alerts going to destination ports 137 and 139 but the search page does not seem to have an option to search by port.Isn't quite straightforward, however, on the main screen, select 'source ports' or 'destination ports', go to port 137 or 139, and click on the number that is under the column 'occurences'. That gives you a list of alerts for the chosen port. It quite what you're asking for, however it might do the job for you. Roel Jonkman Security Engineer http://www.SiliconDefense.com
dont know which version you're running but on mine cvsupped today ..... if you press that little layer four button you get lots of jolly oprions including port... src or dest. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- search by port in ACID Michael Anderson (Mar 08)
- Re: search by port in ACID Roelof JT Jonkman (Mar 08)
- Re: search by port in ACID Mark Rowlands (Mar 09)
- <Possible follow-ups>
- Re: search by port in ACID Roman Danyliw (Mar 09)
- Re: search by port in ACID Roelof JT Jonkman (Mar 08)