Snort mailing list archives
RE: Promiscuous monitoring
From: Francis Yom <fyom () symmsys com>
Date: 02 Jul 2002 09:22:11 -0400
I have the exact same problem. I hope someone can pass a clue as to what might be causing this. -francis On Tue, 2002-07-02 at 08:02, Jason Gauthier wrote:
My first thought is that the EXTERNAL_NET variable isn't set right. Is that assigned as "any"? -----Original Message----- From: Eric Ferguson [mailto:eric.ferguson () jaguartech com] Sent: Tuesday, July 02, 2002 7:06 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Promiscuous monitoring I have Snort 1.8.6 running on Red Hat 7.3 with ACID and MySQL. I start Snort with the -v option to verify that Snort is seeing traffic and all seems well. My only problem is that attacks (ones I generate myself) are only logged if directed at the Snort IP address. If I direct an attack to another machine on the same subnet, Snort does not identify the attack (yes I am running a hub and not a switch...:-)). Sounds like something simple to me, I am just not sure what it is. Thanks, Eric Ferguson - NNCSE 4440 Embassy Drive Sykesville, Md. 21784 phone: 410-876-0585 cell: 443-677-6119 email: eric.ferguson () jaguartech com
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Promiscuous monitoring Eric Ferguson (Jul 02)
- <Possible follow-ups>
- RE: Promiscuous monitoring Jason Gauthier (Jul 02)
- RE: Promiscuous monitoring Francis Yom (Jul 02)
- RE: Promiscuous monitoring Francis Yom (Jul 02)
- RE: Promiscuous monitoring Erek Adams (Jul 02)
- RE: Promiscuous monitoring Francis Yom (Jul 02)
- RE: Promiscuous monitoring Erek Adams (Jul 02)
- RE: Promiscuous monitoring Erek Adams (Jul 02)
- ipchains intergration electroteque (Jul 02)
- Re: ipchains intergration Skip Carter (Jul 02)