[Snort-users] Snort on Linux Help

Michael Aylor maylor at ...1991...
Wed Nov 21 13:50:05 EST 2001

The fact that you're only seeing broadcast traffic would lend itself to
suggest you are not actually monitoring that port like you think you
are.  Have you run tcpdump to verify you're seeing all traffic you're
supposed to, or are you only seeing broadcasts as well?

I would imagine that if libpcap had a problem, it would either not
compile or would generate bizarre errors when snort was compiled....

-----Original Message-----
From: David Wilkeson [mailto:davelist at ...4123...]
Sent: Wednesday, November 21, 2001 2:14 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort on Linux Help

I've been running Snort on a Windows platform on and off for some time
so I 
am fairly well versed in Snort itself.  I recently decided to set up a 
permanent Snort box, and decided that Linux would be better suited for
application.  Well, I've got everything set up and running and I am
by having Snort log everything, but I can't get Snort to see anything
a destination address other than an Ethernet broadcast address (.255),
box itself, or any machine that is connecting directly to the linux 
box.  It's not a physical Ethernet problem as it works fine when I plug
Windows Snort box into that jack on my switch (I have monitoring mode 
turned on for that switch port).  I think it must be a problem with 
libpcap, but I have uninstalled and reinstalled various versions and 
packages including RPMs and source code.  I've made sure that IPCHAINS
disabled.  I am completely out of ideas and my head hurts from beating
repeatedly against the wall.  Anyone else have any thoughts?


Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3457 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20011121/3c201d70/attachment.bin>

More information about the Snort-users mailing list