Snort mailing list archives
Re: Snort stopped sniffing on hub
From: Chris Green <cmg () uab edu>
Date: Tue, 15 Jan 2002 13:00:08 -0600
"Cody Hatch" <cody () hatch-house net> writes:
First of all, I can't find an answer to this question anywhere, so hopefully someone here can help me. I've got Snort on a hub located outside my firewall. It's sniffing all traffic to and from my firewall (my internal network is behind my firewall). My Snort box does not have a firewall, so my problem isn't that. For a while, Snort worked fine, sniffing all traffic on the hub, then it started only logging traffic destined or from the box Snort is running on. I've got the variable HOME_NET set to any, I've set it to my subnet (xxx.xxx.xxx.0/24), I've tried everything. I'm having Snort log to MySQL, and here are the arguments being given: snort -o -b -i eth0 -D -l /var/log/snort -c /etc/snort/snort.conf I can't think of what my problem is. Why would it work just fine, and then one day start sniffing only traffic to and from its own box? Any ideas?
It sounds very much like you are running into 10/100 psuedo hub problems with media mismatch between machines. Try forcing all your nics to either 10 or 100 -- Chris Green <cmg () uab edu> Let not the sands of time get in your lunch. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort stopped sniffing on hub Cody Hatch (Jan 15)
- Re: Snort stopped sniffing on hub Chris Green (Jan 15)
- <Possible follow-ups>
- Re: Snort stopped sniffing on hub Cody Hatch (Jan 15)
- Re: Snort stopped sniffing on hub Gerardo Gregory (Jan 15)