[Snort-users] SNORT Win32 not capturing packets

Martin Roesch roesch at ...421...
Sun Mar 11 18:40:36 EST 2001


You sure that's a hub and not a switch?  If it is a switch, are all the
NICs running at the same speed (10/100Mbps)?  Either one of those
eventualities can prevent you from sniffing traffic not sent directly to
the sensor machine...

    -Marty

William Kelly wrote:
> 
> All,
> 
> I can't get the win32 version of SNORT to capture packets not addressed
> to system running SNORT.  Am capturing packets sent to both installed
> NICs and broadcast packets.
> 
> Using command line (below) to output to screen until running correctly.
> 
> snort -v -i 1
> 
> Thanks in advance!
> 
> BACKGROUND:
> 
> Am trying to get snort running in a freestanding test/lab network using
> 4 dual bootable laptops interconnected with an 8 port hub.
> 
> SYSTEM: Gateway PIII 450
> 
> OS: Dual boot Redhat 7 and NT 4.0 service pack 5
> 
> NIC: Gateway internal ethernet card and a 10/100 LAN CardBus PC Card
> (3CCFE574BT).
> 
> HUB: 8 port, not a switch.
> 
> SNORT: win32 version under NT.
> 
> Have generated network traffic using telnet and ping.  SNORT did not
> capture packets without sniffer's ip.
> 
> Have reviewed readme, faq and users mailing list.  Mailing list reflects
> users with similar issues, but no fix yet.

--
Martin Roesch
roesch at ...421...
http://www.snort.org
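
One way to check for the symptom discussed in this thread, as an added example that is not part of the original messages: classify captured frames by destination MAC and see whether any unicast frame addressed to another host shows up at all. The function names, the lab MAC addresses and the sample frames are constructed for illustration; frames are assumed to be raw Ethernet II bytes exported from whatever capture tool is in use.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return raw

def build_frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet II frame (sample data only)."""
    return dst + src + struct.pack("!H", ethertype) + payload

def classify(frame, local_macs):
    """Return the category of one raw Ethernet II frame."""
    if len(frame) < 14:            # dst(6) + src(6) + ethertype(2)
        return "truncated"
    dst = frame[:6]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:              # I/G bit set: group (multicast) address
        return "multicast"
    if dst in local_macs:
        return "to_sensor"
    # Unicast for someone else: only visible when the NIC is in promiscuous
    # mode and the segment really is shared (hub, not switch).
    return "to_other_host"

def sees_foreign_unicast(frames, local_macs):
    """Return (per-category counts, True if another host's unicast was seen)."""
    counts = Counter(classify(f, local_macs) for f in frames)
    return counts, counts["to_other_host"] > 0

# Constructed lab addresses (locally administered), not taken from the thread.
SENSOR, HOST_B, HOST_C = (mac("02:00:00:00:00:0%d" % i) for i in (1, 2, 3))
# Capture showing the reported symptom: only sensor-directed and broadcast frames.
SYMPTOM = [build_frame(SENSOR, HOST_B), build_frame(BROADCAST, HOST_C, 0x0806)]
# Capture from a working sensor: also contains HOST_B -> HOST_C traffic.
WORKING = SYMPTOM + [build_frame(HOST_C, HOST_B)]

if __name__ == "__main__":
    for name, cap in (("symptom", SYMPTOM), ("working", WORKING)):
        counts, ok = sees_foreign_unicast(cap, {SENSOR})
        print(name, dict(counts), "foreign unicast seen:", ok)
```

Pass every MAC of the sensor machine in `local_macs` when it has more than one NIC, as the laptop in the quoted message does.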