[Snort-sigs] snort cannot monitor traffic

Patrick Mullen pmullen at sourcefire.com
Mon Oct 15 20:56:09 EDT 2018


Hello!

You should direct your question to the snort-users list, but I believe the
first thing you should try is to make sure you are running snort as root
and also you need to know that if you are launching attacks at the device
running snort, unless you disabled hardware checksum offloading, snort will
ignore the traffic due to checksum errors. It is best to run snort on a
separate device, only monitoring traffic.


Thanks,

Patrick

On Mon, Oct 15, 2018, 10:20 AM main chan via Snort-sigs <
snort-sigs at lists.snort.org> wrote:

> Dear sir
>
> I use use one of the blade to monitor mirror the port from a ubuntu which
> install snort, but I can directly ping to nic which has monitor traffic
>
>
> Regrads
>
> Ricky Chan
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.snort.org
> https://lists.snort.org/mailman/listinfo/snort-sigs
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> Please follow these rules:
> https://snort.org/faq/what-is-the-mailing-list-etiquette
>
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure
> to stay up to date to catch the most <a href="
> https://snort.org/downloads/#rule-downloads">emerging threats</a>!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20181015/66fd51cd/attachment.html>


More information about the Snort-sigs mailing list