Snort mailing list archives

Re: General snort problem

From: Erek Adams <erek () theadamsfamily net>
Date: Mon, 27 Aug 2001 10:42:31 -0700 (PDT)

On Mon, 27 Aug 2001, [iso-8859-1] V. wrote:

True, the Snort box is plugged into a switch but I have enabled the
port mirroring and the snort box should see the same traffic as our
internet firewall. So there should be a lot of traffic to analyze !


Not always.  You might have $HOME_NET set wrong.  Or, you could have one of
those 'helpful' bits o' hardware that does odd things.  What type of a switch
is it?  Can you run tcpdump/snoop/snort -dv on it and see any traffic?

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

read-only cable Daniel Voyer (Aug 27)
- General snort problem V. (Aug 27)
  - Re: General snort problem Michael 'Moose' Dinn (Aug 27)
    - Re: General snort problem V. (Aug 27)
    - Re: General snort problem Erek Adams (Aug 27)
    - Re: General snort problem Daniel Voyer (Aug 28)
- General snort problem V. (Aug 27)
- Re: read-only cable Joe McAlerney (Aug 27)
- <Possible follow-ups>
- RE: read-only cable Thomas Nilsen (Aug 28)