[Snort-users] no TCP traffic except in/out of the snort server (SUN 2.7)

North, Jason jnorth at ...1155...
Tue Jan 16 11:25:41 EST 2001

Are you on a switched network?
Sounds like the usual traffic from such a scenario (localhost traffic and
broadcast stuff).
If that is the case, you will need to do one of two things:
1. Put a hub between two devices (routers, servers, switches, whatever)
where you want to monitor, and put your snort box on that same hub, 
or preferably
2. Put a network tap device (such as a Shomiti Century) between the
aforementioned two devices and run your snort box off of it.  You will need
a second NIC for snort to do any external reporting (syslog, email alerting
via swatch, etc.)  This also gives you the added advantage of hiding your
sensor from the network at large.

-----Original Message-----
From: Fab Lab [mailto:fab_lab at ...125...]
Sent: Tuesday, January 16, 2001 3:55 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] no TCP traffic except in/out of the snort server
(SUN 2.7)

Hi there !
I just installed snort-1.7 on a Sparc running 2.7...
I am NOT a sun specialist, NOR a network specialist, NOR .... ;-)

here is what I've done :

installed libnet from

installed libpcap package libpcap-0.4-sol7-sparc-local.bz2
from www.sunfreeware.com

compiled snort w/ gcc .

snort -v -h mynetwork/24
shows me
* all the TCP traffic in and out of the SUN,
* some UDP traffic on port 138 (NETBIOS Datagram Service) between
some machines
* but doesn't show me any other TCP traffic between any other machine

any idea / suggestion  ?


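The symptom discussed in this thread (a sensor on a switched port seeing only its own unicast traffic plus broadcasts) can be checked against a capture. The following is an added example, not part of the original messages; it assumes `tcpdump -nn` style IPv4 text lines, and the function names, addresses and sample lines are constructed for illustration.

```python
import ipaddress
import re

# Assumed input: text lines as printed by `tcpdump -nn` for IPv4 packets.
LINE_RE = re.compile(
    r" IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def classify(lines, sensor_ip, network):
    """Count packets by who they belong to, from the sensor's point of view."""
    sensor = ipaddress.ip_address(sensor_ip)
    net = ipaddress.ip_network(network)
    counts = {"sensor": 0, "broadcast": 0, "third_party": 0}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # non-IPv4 or unparsed line
        src, dst = (ipaddress.ip_address(a) for a in m.groups())
        if dst in (net.broadcast_address, LIMITED_BROADCAST) or dst.is_multicast:
            counts["broadcast"] += 1    # flooded to every switch port
        elif sensor in (src, dst):
            counts["sensor"] += 1       # the sensor's own unicast traffic
        else:
            counts["third_party"] += 1  # unicast between two other hosts
    return counts

def looks_switched(counts):
    """True when packets were seen but none were unicast between other hosts.
    A short capture on a quiet network can also give this result."""
    return sum(counts.values()) > 0 and counts["third_party"] == 0

# Constructed sample: what a sensor at 192.168.1.5 sees on a switch port.
SWITCHED_SAMPLE = [
    "11:25:41.000001 IP 192.168.1.5.1025 > 192.168.1.20.23: Flags [S], length 0",
    "11:25:41.000312 IP 192.168.1.20.23 > 192.168.1.5.1025: Flags [S.], length 0",
    "11:25:42.104511 IP 192.168.1.30.138 > 192.168.1.255.138: UDP, length 201",
]
# Constructed sample: the same sensor behind a hub or tap.
TAP_SAMPLE = SWITCHED_SAMPLE + [
    "11:25:43.220001 IP 192.168.1.30.1044 > 192.168.1.20.80: Flags [S], length 0",
]

if __name__ == "__main__":
    for name, sample in (("switched", SWITCHED_SAMPLE), ("tap", TAP_SAMPLE)):
        c = classify(sample, "192.168.1.5", "192.168.1.0/24")
        print(name, c, "looks switched:", looks_switched(c))
```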