[Snort-users] SNORT Win32 not capturing packets - FU1

William Kelly william_k_kelly at ...770...
Sun Mar 11 20:31:44 EST 2001


I've double checked the hub and it is NOT a switch. All cards are operating at
10mps. I've another hub to test with and will try again.

Thanks!

Bill

Martin Roesch wrote:
> 
> You sure that's a hub and not a switch?  If it is a switch, are all the
> NICs running at the same speed (10/100Mbps)?  Either one of those
> eventualities can prevent you from sniffing traffic not sent directly to
> the sensor machine...
> 
>     -Marty
> 
> William Kelly wrote:
> >
> > All,
> >
> > I can't get the win32 version of SNORT to capture packets not addressed
> > to system running SNORT.  Am capturing packets sent to both installed
> > NIC's and broadcast packets.
> >
> > Using command line (below) to output to screen until running correctly.
> >
> > snort -v -i 1
> >
> > Thanks in advance!
> >
> > BACKGROUND:
> >
> > Am trying to get snort running in a freestanding test/lab network using 4
dual bootable laptops interconnected with an 8 port hub.
> >
> > SYSTEM: Gateway PIII 450
> >
> > OS: Dual boot Redhat 7 and NT 4.0 service pack 5
> >
> > NIC: Gateway internal ethernet card and a 10/100 LAN CardBus PC Card
> > (3CCFE574BT).
> >
> > HUB: 8 port, not a switch.
> >
> > SNORT: win32 version under NT.
> >
> > Have generated network traffic using telnet and ping.  SNORT did not
> > capture packets without sniffer's ip.
> >
> > Have review readme, faq and users mailing list.  Mailing list reflects
> > users with similar issues, but no fix yet.


____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1




More information about the Snort-users mailing list