Snort mailing list archives
Re: General snort problem
From: Erek Adams <erek () theadamsfamily net>
Date: Mon, 27 Aug 2001 10:42:31 -0700 (PDT)
On Mon, 27 Aug 2001, V. wrote:

> True, the Snort box is plugged into a switch but I have enabled the port mirroring and the snort box should see the same traffic as our internet firewall. So there should be a lot of traffic to analyze!

Not always. You might have $HOME_NET set wrong. Or, you could have one of those 'helpful' bits o' hardware that does odd things. What type of a switch is it? Can you run tcpdump/snoop/snort -dv on it and see any traffic?

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net