[Snort-users] Problems with eth1?

Jason Smith jsmith at ...2528...
Wed Oct 31 06:06:03 EST 2001


It ended up being the port on the hub.

Thanks for all your suggestions.

Jason

> -----Original Message-----
> From: Jason Smith 
> Sent: Friday, October 26, 2001 12:55 PM
> To: 'Ryan Hill'; Jason Smith; Snort Mailing List (E-mail)
> Subject: RE: [Snort-users] Problems with eth1?
> 
> 
> Ryan,
> 
> It's on a Netgear 9 port hub.
> 
> 
> 
> > Jason,
> > 
> > This is all broadcast based traffic - is your outside monitor on a switch?
> > If so, has the switch configuration changed recently?  If you're on a
> > switch, you need to be mirroring traffic from the appropriate ports in order
> > for your card to see it.
> > 
> > Regards,
> > 
> > Ryan Hill, MCSE 
> > IT Ninja
> > Corporate Information Systems
> > Telecommunication Systems, Inc. (TCS) - http://www.telecomsys.com
> > v: 206.792.2276 - f: 206.792.2001
> > pgp: 0x17CE70AB
> > 
> > 
> > > -----Original Message-----
> > > From: Jason Smith [mailto:jsmith at ...2528...] 
> > > Sent: Friday, October 26, 2001 8:35 AM
> > > To: Snort Mailing List (E-mail)
> > > Subject: [Snort-users] Problems with eth1?
> > > 
> > > 
> > > Hello all,
> > > 
> > > Here's the problem.  I have a Linux box running Redhat 7.1 w/ 
> > > 2.4.6.  It has two nics both Intel eepro100's.  They are both 
> > > monitoring different segments of the network.  One is on the 
> > > inside of the firewall and one is on the outside.  The 
> > > problem interface is the outside one.  I am getting no alerts 
> > > and haven't for the last week or so.  I do have some simple rules 
> > > that should be tripped every now and then but I'm not even 
> > > getting those.  The internal interface does log those rules 
> > > so I know the traffic is there.  The output below is from 
> > > running snort -dev -i eth1.  If I do this but on eth0 traffic 
> > > just flies by.  I'm thinking there is something wrong with 
> > > the network card.  Hopefully the output below helps.  I have 
> > > also checked the dmesg log, configured syslog to log all 
> > > kernel messages to /var/log/kernel. And neither of these have 
> > > logged anything suspicious.  
> > > 
> > > Any help is greatly appreciated.  Also if you have any other 
> > > questions let me know.
> > > 
> > > Thanks
> > > Jason Smith
> > > 
> > > 
> > > 
> > > <snip>
> > 
> 



