[Snort-users] UDP is all I see..

Todd Ransom transom at ...197...
Wed May 16 10:53:36 EDT 2001


Are you sure it's not a switch?  It's possible you are getting broadcasts
only.  Is it a 10/100 hub/switch.  I have found that on a 10/100 hub I can
only sniff traffic running at the same speed as me or destined for me.  I
guess they are bridging the 2 backplanes internally on the hub.

TR

----- Original Message -----
From: "Dr SuSE" <drsuse at ...748...>
To: "Snort Users" <snort-users at lists.sourceforge.net>
Sent: Wednesday, May 16, 2001 10:23 AM
Subject: [Snort-users] UDP is all I see..


> Maybe I'm missing something, I dont know.
>
> I setup a snort 1.7 box on SuSE 7.1 box kernel 2.2.18
> I did not configure my network card with an IP address and it's connected
to a
> hub on my local lan.  I run the command "ifconfig eth1 up" then do a
"snort -
> dv -i eth1"
>
> All I'm able to see is UDP traffic.  What am I missing here?  Any ideas?
>
>
> Thanks,
>
> Doc
>
>
>
>
> ---------------------------------------------
> Microsoft ist nicht installiert.
> http://www.drsuse.org/
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>





More information about the Snort-users mailing list