Snort mailing list archives
AW: (Snort-users) snort and nmap
From: <sandro.poppi () wacker com>
Date: Thu, 04 Oct 2001 07:09:00 +0200
Running nmap on the same box as snort does not work with eth0 because your packets never get on the wire. The kernel says (very simplified): "Hey that's my IP address so why should I send it out? I'll catch the packets and work on them inernally." You should use another box to test the ethernet part and you'll see, snort will work as expected. HTH Ciao, Sandro
-----Ursprüngliche Nachricht----- Von: Rob Collins <robtompc () yahoo com> at internet Gesendet: Mittwoch, 3. Oktober 2001 18:08 An: snort-users () lists sourceforge net at Internet Betreff: [Snort-users] snort and nmap I've got snort on a box with nmap. while running 'snort -vd -i lo' I also run 'nmap -sT 127.0.0.1'; this works fine and I see some 900 tcp packets fly by. But while running 'snort -vd -l eth0' and running 'nmap -sT 192.168.1.5' (which is the valid eth0 ip address), I see no tcp packets at all. What is happening? BTW, I've got Mandrake 7.2 for now. :( ===== --r "Experience is that marvelous thing that enables you to recognize a mistake when you make it again." -- F. P. Jones __________________________________________________ Do You Yahoo!? NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- AW: (Snort-users) snort and nmap sandro.poppi (Oct 03)