Snort mailing list archives
Re: Snort not seeing traffic
From: Pratik Narang <pratik.cse.bits () gmail com>
Date: Wed, 29 Aug 2012 14:54:25 +0530
On Tue, Aug 28, 2012 at 8:25 PM, Jeremy Hoel <jthoel () gmail com> wrote:
> Ok.. and the machines connect to the internet how? Through a router?

The machines connect through a switch which in turn connects to the border router.

> All 4 devices are plugged into the same switch and you are spanning/monitoring the right port on the switch?

"right port"?? not clear to me...

> Can you see the traffic with TCPDump?

As I said, I did a run with Wireshark too (in promiscuous mode) but did not see the traffic. If I am not wrong, the simple mistake is that I am connected via a switch, and so, all the network traffic is not visible at my interface.
> On Tue, Aug 28, 2012 at 4:01 AM, Pratik Narang <pratik.cse.bits () gmail com> wrote:
>> It is in Bridged mode.
>>
>> On Mon, Aug 27, 2012 at 7:26 PM, Jeremy Hoel <jthoel () gmail com> wrote:
>>> How is the interface between the VM guest and host set up? Private LAN? NAT? Bridged?
>>>
>>> On Mon, Aug 27, 2012 at 6:01 AM, Pratik Narang <pratik.cse.bits () gmail com> wrote:
>>>> I have three machines on my test bed- A, B and C. Snort runs on A. B and C both have a VM running as well. I am unable to understand why Snort is not seeing the traffic that is flowing between machine B/VM on B/machine C/VM on C and the internet.
>>>>
>>>> Snort.conf clearly says-
>>>>
>>>> # Setup the network addresses you are protecting
>>>> ipvar HOME_NET [172.16.x0.0/24]
>>>> # Set up the external network addresses. Leave as "any" in most situations
>>>> ipvar EXTERNAL_NET any
>>>>
>>>> I tried doing packet captures in promiscuous mode on A. Even Wireshark doesn't see that traffic from those machines to the internet. So it doesn't seem to be any problem with Snort but with my settings. What am I doing wrong?
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
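
The symptom discussed in this message (a promiscuous capture on A that shows nothing of B's or C's traffic) can be checked from a capture file. The following is an added example, not part of the original thread or of Snort: it classifies the frames in a classic pcap by destination MAC relative to the sensor. The MAC addresses, sample frames and function names are constructed for illustration.

```python
import struct

BCAST = b"\xff" * 6

def classify_frames(pcap_bytes, sensor_mac):
    """Count Ethernet frames in a classic little-endian pcap by who they are addressed to."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    linktype, = struct.unpack_from("<I", pcap_bytes, 20)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian classic pcap with Ethernet link type")
    counts = {"from_sensor": 0, "to_sensor": 0, "broadcast_multicast": 0, "foreign_unicast": 0}
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        incl_len, = struct.unpack_from("<I", pcap_bytes, off + 8)
        frame = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue                           # truncated record, no full Ethernet header
        dst, src = frame[:6], frame[6:12]
        if src == sensor_mac:
            counts["from_sensor"] += 1
        elif dst == sensor_mac:
            counts["to_sensor"] += 1
        elif dst[0] & 1:                       # group bit set: broadcast or multicast
            counts["broadcast_multicast"] += 1
        else:                                  # unicast between two other hosts
            counts["foreign_unicast"] += 1
    return counts

def sees_other_hosts(counts):
    """True only if the capture holds unicast frames that neither start nor end at the sensor."""
    return counts["foreign_unicast"] > 0

# --- constructed sample data (MACs and frames are made up for this example) ---
A, B, ROUTER = (bytes.fromhex("0200000000" + x) for x in ("0a", "0b", "01"))

def make_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for dst, src in frames:
        frame = dst + src + b"\x08\x00" + bytes(46)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

ON_ACCESS_PORT = make_pcap([(BCAST, B), (ROUTER, A), (A, ROUTER)])
ON_MIRROR_PORT = make_pcap([(BCAST, B), (ROUTER, A), (A, ROUTER), (ROUTER, B), (B, ROUTER)])

if __name__ == "__main__":
    for name, cap in (("access port", ON_ACCESS_PORT), ("mirror port", ON_MIRROR_PORT)):
        c = classify_frames(cap, A)
        print(name, c, "sees other hosts:", sees_other_hosts(c))
```

A switch can briefly flood unicast frames for a MAC it has not yet learned, so a handful of foreign unicast frames does not prove the sensor is on a mirror port; judge on sustained traffic.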