Snort mailing list archives
Re: Snort stopped sniffing on hub
From: "Gerardo Gregory" <ggregory () affinitas net>
Date: Tue, 15 Jan 2002 13:47:10 -0600
When all else fails look at your layer 1? or wait.... Should it not be, When something fails always look first at your layer 1? ----- Original Message ----- From: "Cody Hatch" <cody () hatch-house net> To: <snort-users () lists sourceforge net> Sent: Tuesday, January 15, 2002 1:30 PM Subject: Re: [Snort-users] Snort stopped sniffing on hub
Thanks. I figured out what it was. Some idiot moved my Snort box onto a switch without telling me. The fact that I was on a hub was just something that I took for granted. I've got it figured out now. Thanks, Cody"Cody Hatch" <cody () hatch-house net> writes:First of all, I can't find an answer to this question anywhere, so hopefully someone here can help me. I've got Snort on a hub located outside my firewall. It's sniffing all traffic to and from my
firewall
(my internal network is behind my firewall). My Snort box does not
have
a firewall, so my problem isn't that. For a while, Snort worked fine, sniffing all traffic on the hub, then it started only logging traffic destined or from the box Snort is running on. I've got the variable HOME_NET set to any, I've set it to my subnet (xxx.xxx.xxx.0/24), I've tried everything. I'm having Snort log to MySQL, and here are the arguments being given: snort -o -b -i eth0 -D -l /var/log/snort -c /etc/snort/snort.conf I can't think of what my problem is. Why would it work just fine, and then one day start sniffing only traffic to and from its own box? Any ideas?It sounds very much like you are running into 10/100 psuedo hub problems with media mismatch between machines. Try forcing all your nics to either 10 or 100 -- Chris Green <cmg () uab edu> Let not the sands of time get in your lunch. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort stopped sniffing on hub Cody Hatch (Jan 15)
- Re: Snort stopped sniffing on hub Chris Green (Jan 15)
- <Possible follow-ups>
- Re: Snort stopped sniffing on hub Cody Hatch (Jan 15)
- Re: Snort stopped sniffing on hub Gerardo Gregory (Jan 15)