[Snort-users] Snort with Acid : Network

Joe Dauncey toothbrushhead at ...131...
Tue Aug 27 06:06:02 EDT 2002


j - you should try running snort as a packet sniffer at first, just to 
check that it's seeing all the data it's supposed to.

If you're running on a switch, or a dual-speed non-bridging hub then you 
won't see other traffic on the LAN

Joe

At 11:17 27/08/2002, j wrote:
>Hi,
>
>I have configured snort with mysql, acid. successfully in linux box.
>
>In the configuration i have specified
>
>    var HOME_NET x.x.x.x/22
>    var EXTERNAL_NET any
>
>Now the problem, after running snort  for past 1 week... i am seeing 
>details only of that ip address where snort is installed.
>  and i didn't find any detail of other machines which are in network.
>
>I have done portscan from one machine to another machine, the snort 
>machine which is in same network didn't detect.
>
>is it something more i have to  do ??? ,
>if yes...wht it should be , snice its large network...
>
>Thanx..for help
>
>
>j
>


Joe Dauncey
Email: toothbrushhead at ...131...
PGP Key ID: 0xEAA034D4





More information about the Snort-users mailing list