November 6th, 2003, 01:27 AM
#1
Ethereal woes
For the past couple weeks I've been getting hits on my firewall from locations in India and China. They are getting dropped by my firewall, so no big deal, but it did get me curious as to what they are.
Thanks to help from Tigershark, I realized Snort is not effective with my current setup, mainly a properly configured firewall (at least so far it hasn't let me down).
I turned to Ethereal, and have been trying to create a capture rule that captures only UDP packets incoming. I've looked through the Ethereal documents, winpcap rules library, and tcpdump man pages for help.
This is what I've tried so far:
udp - (gives me all udp traffic, in and out)
udp and dst host - (gives me a parse error)
udp and host xxx.xxx.xxx.xxx - (where x is my ip, also gives me a parse error)
udp and host xxx.xxx.xxx.xxx - (parses correctly, but reads nothing)
udp and dst host xxx.xxx.xxx.xxx - (parses correctly, but reads nothing)
So, I basically have 2 options. One, Ethereal can't read outside my firewall, or two, I am not configuring my rules correctly. I tried a rule that sniffed all tcp incoming packets, but that didn't catch anything either, so I'm leaning towards improperly configured rule.
Anybody have any thoughts? It's probably something simple...
On the upside, I've learned tons about various sniffers today.
EDIT: I'm not running through any switch, just a basic hub (at least I don't think it's switched)
EDIT2: OK, my apologies. I'm running a 2 computer home network (winxp) through a hub. The computer I'm trying to get the sniffer working on is the host.
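The filters tried above are tcpdump/WinPcap capture-filter syntax, and the difference between `host X` (either direction) and `dst host X` (inbound to X only) is the whole point of the exercise. The following is an added example, not code from the post or from the Ethereal project: it builds a handful of constructed Ethernet/IPv4 frames, decodes just the fields a capture filter needs, and evaluates the three filter shapes from the post over them, so you can see which packets each one would select. All addresses are placeholders (the poster's real IP is not on the page), and the tiny filter parser only understands `udp`, `tcp`, `and`, `host`, `src host` and `dst host`.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

# Constructed placeholder addresses: MY_IP stands in for the sniffing host,
# PEER_IP for the second machine on the hub, REMOTE_IP for an Internet source.
MY_IP = "192.168.0.2"
PEER_IP = "192.168.0.3"
REMOTE_IP = "203.0.113.10"

ETH_IPV4 = 0x0800
PROTO_TCP = 6
PROTO_UDP = 17


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b"x"):
    """Build a minimal Ethernet/IPv4 frame carrying UDP or TCP.
    Checksums are left at zero; a capture filter never looks at them."""
    eth = b"\x00" * 6 + b"\x00" * 6 + struct.pack("!H", ETH_IPV4)
    if proto == PROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:
        # 20-byte TCP header: ports, seq, ack, data offset 5, SYN flag, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0) + payload
    total = 20 + len(l4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return eth + ip + l4


@dataclass
class Packet:
    proto: int
    src: str
    dst: str


def decode(frame):
    """Decode only the fields the capture filters below need; None for non-IPv4."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_IPV4:
        return None
    proto = frame[14 + 9]
    src = str(IPv4Address(frame[14 + 12:14 + 16]))
    dst = str(IPv4Address(frame[14 + 16:14 + 20]))
    return Packet(proto, src, dst)


def matches(expr, pkt):
    """Evaluate a capture filter of the shape 'udp and dst host A' against one packet.
    Raises ValueError on the same inputs that make libpcap report a parse error,
    e.g. 'dst host' with no address after it."""
    tokens = expr.split()
    result = True
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "and":
            i += 1
            continue
        if tok in ("udp", "tcp"):
            want = PROTO_UDP if tok == "udp" else PROTO_TCP
            result = result and pkt.proto == want
            i += 1
        elif tok in ("host", "src", "dst"):
            direction = tok if tok in ("src", "dst") else "both"
            if direction != "both":
                i += 1
                if i >= len(tokens) or tokens[i] != "host":
                    raise ValueError(f"parse error near {tok!r}")
            i += 1
            if i >= len(tokens):
                raise ValueError("parse error: 'host' needs an address")
            addr = tokens[i]
            if direction == "src":
                ok = pkt.src == addr
            elif direction == "dst":
                ok = pkt.dst == addr
            else:  # plain 'host' matches either endpoint, i.e. both directions
                ok = addr in (pkt.src, pkt.dst)
            result = result and ok
            i += 1
        else:
            raise ValueError(f"parse error: unknown token {tok!r}")
    return result


def parses(expr):
    """True if the filter expression is syntactically valid."""
    try:
        matches(expr, Packet(PROTO_UDP, MY_IP, REMOTE_IP))
        return True
    except ValueError:
        return False


def apply_filter(expr, frames):
    """Return the decoded packets from `frames` that the filter selects."""
    pkts = [p for p in (decode(f) for f in frames) if p is not None]
    return [p for p in pkts if matches(expr, p)]


def sample_frames():
    """Constructed traffic as seen on the hub: two inbound UDP, one outbound UDP, one inbound TCP."""
    return [
        build_frame(REMOTE_IP, MY_IP, PROTO_UDP, 40000, 137),   # inbound UDP from the Internet
        build_frame(MY_IP, REMOTE_IP, PROTO_UDP, 137, 40000),   # outbound UDP reply
        build_frame(PEER_IP, MY_IP, PROTO_UDP, 138, 138),       # inbound UDP from the LAN peer
        build_frame(REMOTE_IP, MY_IP, PROTO_TCP, 40001, 445),   # inbound TCP SYN
    ]


if __name__ == "__main__":
    frames = sample_frames()
    for expr in ("udp", f"udp and host {MY_IP}", f"udp and dst host {MY_IP}", "udp and dst host"):
        if not parses(expr):
            print(f"{expr!r}: parse error")
            continue
        print(f"{expr!r}: {len(apply_filter(expr, frames))} packet(s)")
```

Two things this makes visible. First, `udp and host X` is a superset of `udp and dst host X`: the former selects the outbound reply as well, which is why the plain `udp` and `host` filters look noisy. Second, a capture filter can only select from what the capture interface actually receives. If the firewall that is dropping the India/China probes sits between the Internet and the hub, those packets never reach the NIC Ethereal is bound to, and `udp and dst host X` correctly matches nothing; that is the first of the two options the post lists, and it is the one to rule out before spending more time on filter syntax.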