Snort mailing list archives
Re: Need help with base
From: Nick Moore <nmoore () sourcefire com>
Date: Fri, 26 Mar 2010 05:52:48 -0500
KW,

What is your source of traffic? Are you plugged into a switch? If a switch port is not SPAN'ed, you will not see interesting traffic. You can double check your traffic source by running snort in sniffer mode to output to your console. If you do not see workstations other than your own using TCP/UDP connections at ports 25, 53, 80, 110, 135, 138, 139, 443, 445... you may be connected to a switch port and will only see ARP and other broadcast traffic.

For Snort or any IDS to work well, you need a traffic source in a shared network medium, such as a hub, SPAN from a switch or network tap between two network devices, e.g. a switch and a firewall.

Hope this helps.

Sent from my mobile device.

Nick Moore
Phone 708-336-9041
Email nmoore () Sourcefire com

On Mar 25, 2010, at 22:40, Kum Weng Luey <kumwengluey () gmail com> wrote:
Hi all,

I am new to snort and currently running snort with barnyard and base. I ran into something weird. BASE does not show TCP or UDP protocols; only ICMP is displayed. I have also gone into the mysql database and noticed that tcphdr and udphdr are not logged. Is there any reason why?

Would appreciate any help.

KW

---------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
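The check described in the reply above (does the sensor see TCP/UDP between hosts other than itself, or only its own sessions plus ARP and broadcast?) can be automated over packet summaries. This is an added example, not part of the original thread or of Snort; the tuple format, the function names, the addresses and the sample packets are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample summaries (proto, src, dst, dst_port); not real capture data.
# The sensor is assumed to be 192.168.1.50 on 192.168.1.0/24.
SWITCHED_PORT = [
    ("arp", "192.168.1.20", "192.168.1.1", 0),
    ("udp", "192.168.1.20", "192.168.1.255", 138),  # NetBIOS broadcast
    ("tcp", "192.168.1.50", "203.0.113.7", 443),    # the sensor's own session
    ("icmp", "192.168.1.1", "192.168.1.50", 0),
]
SPAN_PORT = SWITCHED_PORT + [
    ("tcp", "192.168.1.20", "203.0.113.9", 80),     # other hosts' unicast traffic
    ("udp", "192.168.1.31", "192.168.1.1", 53),
    ("tcp", "192.168.1.31", "192.168.1.5", 445),
]

def is_broadcast_or_multicast(dst, net):
    """True for multicast, the subnet broadcast and the limited broadcast."""
    addr = ipaddress.ip_address(dst)
    return (addr.is_multicast
            or addr == net.broadcast_address
            or addr == ipaddress.ip_address("255.255.255.255"))

def assess_visibility(packets, sensor_ip, local_net):
    """Classify each packet and decide what kind of port the sensor is on.

    Only unicast TCP/UDP where the sensor is neither source nor destination
    proves that the port is mirrored (SPAN), tapped, or on a shared medium.
    """
    net = ipaddress.ip_network(local_net)
    seen = Counter()
    for proto, src, dst, _dport in packets:
        if proto not in ("tcp", "udp"):
            seen["non_tcp_udp"] += 1        # ARP, ICMP, ...
        elif sensor_ip in (src, dst):
            seen["own_traffic"] += 1        # visible on any switch port
        elif is_broadcast_or_multicast(dst, net):
            seen["broadcast"] += 1          # flooded to every port
        else:
            seen["foreign_unicast"] += 1    # only visible via SPAN/tap/hub
    verdict = "shared_or_mirrored" if seen["foreign_unicast"] else "switched_port_only"
    return verdict, dict(seen)

if __name__ == "__main__":
    for name, sample in (("switched", SWITCHED_PORT), ("span", SPAN_PORT)):
        print(name, assess_visibility(sample, "192.168.1.50", "192.168.1.0/24"))
```

A `switched_port_only` verdict means the sensor is seeing only what an ordinary, unmirrored switch port delivers, the situation the reply warns about.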
Current thread:
- Need help with base Kum Weng Luey (Mar 25)
- Re: Need help with base Nick Moore (Mar 26)
- Re: Need help with base Kum Weng Luey (Mar 26)
- Re: Need help with base Nick Moore (Mar 26)