[Snort-users] AW: (Snort-users) snort and nmap

sandro.poppi at ...3316... sandro.poppi at ...3316...
Wed Oct 3 22:11:02 EDT 2001


Running nmap on the same box as snort does not work with eth0 because your
packets never get on the wire. The kernel says (very simplified): "Hey that's my
IP address so why should I send it out? I'll catch the packets and work on them
inernally."

You should use another box to test the ethernet part and you'll see, snort will
work as expected.

HTH

Ciao,
Sandro


> -----Ursprüngliche Nachricht-----
> Von: Rob Collins <robtompc at ...131...> at internet
> Gesendet: Mittwoch, 3. Oktober 2001 18:08
> An: snort-users at lists.sourceforge.net at Internet
> Betreff: [Snort-users] snort and nmap
>
>
> I've got snort on a box with nmap.  while running
> 'snort -vd -i lo' I also run 'nmap -sT 127.0.0.1';
> this works fine and I see some 900 tcp packets fly by.
>  But while running 'snort -vd -l eth0' and running
> 'nmap -sT 192.168.1.5' (which is the valid eth0 ip
> address), I see no tcp packets at all.  What is
> happening?
>
> BTW, I've got Mandrake 7.2 for now. :(
>
> =====
> --r
> "Experience is that marvelous thing that enables you to
> recognize a mistake when you make it again." -- F. P. Jones
>
> __________________________________________________
> Do You Yahoo!?
> NEW from Yahoo! GeoCities - quick and easy web site hosting,
> just $8.95/month.
> http://geocities.yahoo.com/ps/info1
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>





More information about the Snort-users mailing list