[Snort-users] icmp again

snortlst snortlst snortlst at ...125...
Thu Oct 25 14:00:07 EDT 2001


I'm still having the sane weird thing and I cannot understand why this
happens:
Snort box (1 nic) connected to the switch and 3 ports (firewall, vpn,
router) are mirrored to the port where snort is connected.
I see only ICMP traffic in alert file. Why?

P.S nic is set to promisc (see it in ifconfig) but snort doesn't set it
automatically, I had manually issue ifconfig eth0 promisc before starting
snort.

Help.





More information about the Snort-users mailing list