Damn, even though Striek hasn’t been around for a while ( before last Christmas as I can tell ), I am glad that the Newbie brought this tut, because I missed it.

First: to white_pawn: You performed a scan on a class A network.
1) 1 host up means it is active, 0 hosts up means it was either not there or stealthed.
2)Where are you going with this?

I am concerned. I see that a lot of work went into this, but questions arose.

Although old, a Google search revealed the following article PortSentry and Snort Compared

Not saying another evaluation wasn’t due, but an explanation may be helpful. Did you do it for a class or school project?

In any case, when reading this, questions came to mind.
Why choose PortSentry ?
How does PortSentry handle IPV6?
What would happen if the scanned machine only used IPV6 ( that’s coming ) ?
How does it react with a stateful, or any firewall in place ?