Snort mailing list archives

Only seeing TCP Alerts


From: Matt Martin <MMartin () jwpepper com>
Date: Wed, 11 Jun 2014 21:13:27 +0000

Hello All,

I have recently gotten Snort 2.9.6.0 installed, along with Barnyard2, Oinkmaster, and BASE as the frontend.

When I open the web page on the server for BASE and view the home page, I only see TCP (100%) in the "Traffic Profile by Protocol". Everything else is showing 0%.
For example, I see:
TCP (100%)
UDP (0%)
ICMP (0%)
Portscan Traffic (0%)

I'm wondering why ALL the others are at 0%? Over the last 48 hours or so there has to have been some kind of UDP traffic, don't ya think?
I also attempted to run a portscan (using "nmap 10.60.114.0/24") on the whole ipvar configured for HOME_NET. But I don't think the Portscan part was picked up either...

If I check the MySQL database for snort, the "tcphdr" table has tons of data in it, but the "udphdr" table is completely empty. If I run "select * from udphdr", mysql returns "Empty set (0.00 sec)". So I'm not sure if I have snort configured correctly or not..?

Are there any tests that anyone could suggest to help me figure out why UDP, ICMP and Portscan are not being picked up?
If you need to see my snort.conf, just let me know. If so, does the mailing list take attachments?

Any thoughts or suggestions would be much appreciated!

Thanks in Advance,
Matt
