Snort mailing list archives
RE: Snort doesn't appear to be looking at everything on our network
From: "Wayne T Work" <securitygauntlet () snet net>
Date: Tue, 22 Oct 2002 12:52:23 -0400
This does not appear to be a problem with snort as much as it is a visibility issue on the PC you are running snort on. Snort does NOT inherently see across a switched network.

I would go get WinDump, a Windows sniffer, or Ethereal and run it to see what traffic your NIC is seeing. Ethereal is very good. This will verify your system's visibility.

Also, since you are running Windows, make sure that your NIC is in promiscuous mode.

Good luck,
Wayne

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Steve Saunders
Sent: Tuesday, October 22, 2002 12:00 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort doesn't appear to be looking at everything on our network

Snort doesn't appear to be looking at everything on our network; I don't see any traffic except broadcast and traffic connecting to my PC. One of the rules I set up was to alert me when someone pings on our network. I don't receive any alerts unless my PC gets pinged. If I ping anything else it doesn't alert me. Even when I run snort as a packet sniffer, it never picks up anything except the broadcast. Is there something on our network that could be interfering with it, or am I doing something wrong?

The command I use to run Snort is

    snort -i2 -c c:\snort\rules.rules -l c:\snort\log

and the rule I set in the rules.rules file states

    alert icmp any any -> any any (msg: "possible ping attempt";)

Thank you,
Steve
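An added example, not part of the original messages: one way to carry out the visibility check suggested in the reply is to save a capture from WinDump or Ethereal in classic pcap format and count whose frames the NIC actually received. The MAC addresses and both sample captures below are constructed for illustration; SWITCHED_VIEW mimics the symptom described in the question, and SHARED_VIEW is what a NIC that does receive other hosts' unicast traffic would record.

```python
import struct

BROADCAST = b"\xff" * 6

def classify_frames(pcap_bytes, sensor_mac):
    """Count frames in a classic pcap by destination, relative to the sensor NIC."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    counts = {"broadcast": 0, "multicast": 0, "own": 0, "other_hosts": 0}
    offset = 24  # first record follows the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 14:
            continue  # truncated record, no full Ethernet header
        dst, src = frame[0:6], frame[6:12]
        if dst == BROADCAST:
            counts["broadcast"] += 1
        elif dst[0] & 1:
            counts["multicast"] += 1  # group bit set in the first octet
        elif sensor_mac in (dst, src):
            counts["own"] += 1
        else:
            counts["other_hosts"] += 1  # unicast between two other machines
    return counts

def build_pcap(frames):
    """Build a constructed little-endian pcap holding the given frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def frame(dst, src):
    return dst + src + b"\x08\x00" + bytes(46)  # constructed minimal IPv4 frame

# Constructed MAC addresses (locally administered), not from the original thread.
SENSOR, HOST_A, HOST_B = (bytes.fromhex("02000000000" + n) for n in "123")
SWITCHED_VIEW = build_pcap([frame(BROADCAST, HOST_A), frame(SENSOR, HOST_A), frame(HOST_A, SENSOR)])
SHARED_VIEW = build_pcap([frame(BROADCAST, HOST_A), frame(SENSOR, HOST_A), frame(HOST_B, HOST_A)])

if __name__ == "__main__":
    for name, cap in (("switched view", SWITCHED_VIEW), ("shared view", SHARED_VIEW)):
        print(name, classify_frames(cap, SENSOR))
```

A capture whose "other_hosts" count stays at zero while other machines are exchanging traffic means the frames never reach the NIC, so no Snort rule can alert on them.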
Current thread:
- Snort doesn't appear to be looking at everything on our network Steve Saunders (Oct 22)
- Re: Snort doesn't appear to be looking at everything on our network Chris Green (Oct 22)
- RE: Snort doesn't appear to be looking at everything on our network Wayne T Work (Oct 22)