[Snort-users] Stupid question

Martin Roesch roesch at ...421...
Thu Nov 23 01:30:17 EST 2000


You need to define HOME_NET in the snort-lib file, not with the -h switch. 
The -h switch is only used for determining the relative relationship of one IP
address to another when deciding which end of the packet (src or dst) is on
the home network.  Check out the snort-lib file...

   -Marty

Pieter Blaauw wrote:
> 
> Hi People
> 
> *dons newbie clothing*
> 
> I'm running snort as a test in the following way:
> 
> [root at ...783... snort-1.6.3] ./snort -dev -l /var/log/snort -h
> 127.0.0.1/32 -c rules.local
> 
> rules.local is just the updated rules file you guys were kind enough to
> reference me to.
> 
> When I portscan my localhost with e.g. nmap in the following way -
> 
> [root at ...783...] nmap -sT -O -v 127.0.0.1
> 
> or with
> 
> [root at ...783...] nmap -sS -O -v 127.0.0.1
> 
> it does log it to the alerts file, but not the portscan.log
> 
> Now in my infinite newbie status I've just portscanned the localhost with
> nmap, and snort isn't picking it up or not logging it...
> 
> Or am I falling off the bus completely?
> 
> Kind regards
> Pieter
> 

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org


