[Snort-users] Problems with eth1?
rhill at ...2446...
Fri Oct 26 10:11:07 EDT 2001
This is all broadcast based traffic - is your outside monitor on a switch?
If so, has the switch configuration changed recently? If you're on a
switch, you need to be mirroring traffic from the appropriate ports in order
for your card to see it.
Ryan Hill, MCSE
Corporate Information Systems
Telecommunication Systems, Inc. (TCS) - http://www.telecomsys.com
v: 206.792.2276 - f: 206.792.2001
> -----Original Message-----
> From: Jason Smith [mailto:jsmith at ...2528...]
> Sent: Friday, October 26, 2001 8:35 AM
> To: Snort Mailing List (E-mail)
> Subject: [Snort-users] Problems with eth1?
> Hello all,
> Here's the problem. I have a Linux box running Redhat 7.1 w/
> 2.4.6. It has two NICs, both Intel eepro100's. They are both
> monitoring different segments of the network. One is on the
> inside of the firewall and one is on the outside. The
> problem interface is the outside one. I am getting no alerts
> and haven't for the last week or so. I do have some simple rules
> that should be tripped every now and then but I'm not even
> getting those. The internal interface does log those rules
> so I know the traffic is there. The output below is from
> running snort -dev -i eth1. If I do this but on eth0 traffic
> just flies by. I'm thinking there is something wrong with
> the network card. Hopefully the output below helps. I have
> also checked the dmesg log, configured syslog to log all
> kernel messages to /var/log/kernel. And neither of these have
> logged anything suspicious.
> Any help is greatly appreciated. Also if you have any other
> questions let me know.
> Jason Smith