[Snort-users] no TCP traffic except in/out of the snort serv er (SUN 2.7)

Chris Schuler cschuler at ...1139...
Tue Jan 16 08:26:32 EST 2001


Is the Sparc plugged into a switched network?
If so then you need to be placed on a SPAN o Monitor port (Cisco terms) The
port you are plugged into on the switch need to be setup to mirror all
traffic that is switched.  

If you are non-switched environment...dunno, make sure your network card on
the Sparc is entering promiscuous mode (check /var/log/messages)

-----Original Message-----
From: Fab Lab [mailto:fab_lab at ...125...]
Sent: Tuesday, January 16, 2001 5:55 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] no TCP traffic except in/out of the snort server
(SUN 2.7)


Hi there !
I just installed snort-1.7 on a Sparc running 2.7...
I am NOT a sun specialist, NOR a newtwork specialist,NOR .... ;-)

here is what I've done :

installed libnet from
http://www.packetfactory.net/Projects/Libnet/dist/libnet-1.0.1b.tar.gz

installed libpcap package libpcap-0.4-sol7-sparc-local.bz2
from www.sunfreeware.com

compiled snort w/ gcc .

running
snort -v -h mynetwork/24
shows me
* all the TCP traffic in and out of the SUN,
* some UDP traffic on port 138 (NETBIOS Datagram Service) between
some machines
* but doesn't show me any other TCP traffic between any other machine

any idea / suggestion  ?

thanks
fab





_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users




More information about the Snort-users mailing list