[Snort-users] SNORT Win32 not capturing packets - FU1
william_k_kelly at ...770...
Sun Mar 11 20:31:44 EST 2001
I've double checked the hub and it is NOT a switch. All cards are operating at
10mps. I've another hub to test with and will try again.
Martin Roesch wrote:
> You sure that's a hub and not a switch? If it is a switch, are all the
> NICs running at the same speed (10/100Mbps)? Either one of those
> eventualities can prevent you from sniffing traffic not sent directly to
> the sensor machine...
> William Kelly wrote:
> > All,
> > I can't get the win32 version of SNORT to capture packets not addressed
> > to system running SNORT. Am capturing packets sent to both installed
> > NIC's and broadcast packets.
> > Using command line (below) to output to screen until running correctly.
> > snort -v -i 1
> > Thanks in advance!
> > BACKGROUND:
> > Am trying to get snort running in a freestanding test/lab network using 4
dual bootable laptops interconnected with an 8 port hub.
> > SYSTEM: Gateway PIII 450
> > OS: Dual boot Redhat 7 and NT 4.0 service pack 5
> > NIC: Gateway internal ethernet card and a 10/100 LAN CardBus PC Card
> > (3CCFE574BT).
> > HUB: 8 port, not a switch.
> > SNORT: win32 version under NT.
> > Have generated network traffic using telnet and ping. SNORT did not
> > capture packets without sniffer's ip.
> > Have review readme, faq and users mailing list. Mailing list reflects
> > users with similar issues, but no fix yet.
Get free email and a permanent address at http://www.netaddress.com/?N=1
More information about the Snort-users