[Snort-users] no TCP traffic except in/out of the snort server (SUN 2.7)
jnorth at ...1155...
Tue Jan 16 11:25:41 EST 2001
Are you on a switched network?
Sounds like the usual traffic from such a scenario (localhost traffic and
If that is the case, you will need to do one of two things:
1. Put a hub between two devices (routers, servers, switches, whatever)
where you want to monitor, and put your snort box on that same hub,
2. Put a network tap device (such as a Shomiti Century) between the
aforementioned two devices and run your snort box off of it. You will need
a second NIC for snort to do any external reporting (syslog, email alerting
via swatch, etc.) This also gives you the added advantage of hiding your
sensor from the network at large
From: Fab Lab [mailto:fab_lab at ...125...]
Sent: Tuesday, January 16, 2001 3:55 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] no TCP traffic except in/out of the snort server
Hi there !
I just installed snort-1.7 on a Sparc running 2.7...
I am NOT a sun specialist, NOR a network specialist, NOR .... ;-)
here is what I've done :
installed libnet from
installed libpcap package libpcap-0.4-sol7-sparc-local.bz2
compiled snort w/ gcc .
snort -v -h mynetwork/24
* all the TCP traffic in and out of the SUN,
* some UDP traffic on port 138 (NETBIOS Datagram Service) between
* but doesn't show me any other TCP traffic between any other machine
any idea / suggestion ?
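An added example, not part of the original thread: a sensor-visibility check for the symptom discussed above, where the capture contains only the sensor's own traffic plus broadcasts. The addresses, the `(src, dst)` record format and the function names are assumptions made for illustration; the sample packets are constructed.

```python
from ipaddress import ip_address, ip_network

SENSOR = ip_address("192.168.1.10")      # assumed address of the snort box
NET = ip_network("192.168.1.0/24")       # assumed monitored /24

# Constructed (src, dst) pairs, as a sensor on a plain switch port would see them.
SWITCHED = [
    ("192.168.1.10", "192.168.1.20"),    # sensor -> peer
    ("192.168.1.20", "192.168.1.10"),    # peer -> sensor
    ("192.168.1.30", "192.168.1.255"),   # subnet broadcast (e.g. UDP/138)
    ("192.168.1.40", "255.255.255.255"), # limited broadcast
]
# Same capture behind a hub, tap or mirror port: other hosts' unicast appears.
MIRRORED = SWITCHED + [
    ("192.168.1.30", "192.168.1.40"),
    ("192.168.1.40", "192.168.1.30"),
]

def classify(src, dst, sensor, net):
    """Label one packet by whether a switch would deliver it to the sensor port."""
    s, d = ip_address(src), ip_address(dst)
    if d in (net.broadcast_address, ip_address("255.255.255.255")) or d.is_multicast:
        return "broadcast"               # flooded to every port
    if sensor in (s, d):
        return "own"                     # addressed to or from the sensor itself
    return "third_party"                 # unicast between two other hosts

def visibility(packets, sensor, net):
    """Count packets per class for a whole capture."""
    counts = {"own": 0, "broadcast": 0, "third_party": 0}
    for src, dst in packets:
        counts[classify(src, dst, sensor, net)] += 1
    return counts

def diagnose(counts):
    """Map the counts to the situation they indicate."""
    if counts["third_party"]:
        return "sees_others"             # hub, tap or mirroring is working
    if counts["own"] or counts["broadcast"]:
        return "own_and_broadcast_only"  # consistent with a plain switch port
    return "no_traffic"

if __name__ == "__main__":
    for name, capture in (("switched", SWITCHED), ("mirrored", MIRRORED)):
        counts = visibility(capture, SENSOR, NET)
        print(name, counts, diagnose(counts))
```

A result of `own_and_broadcast_only` over a short capture can also mean the segment was simply quiet, so run it over a window in which other hosts are known to be talking.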