[Snort-users] Snort stopped sniffing on hub

Cody Hatch cody at ...4571...
Tue Jan 15 10:36:03 EST 2002


First of all, I can't find an answer to this question anywhere, so
hopefully someone here can help me.  I've got Snort on a hub located
outside my firewall.  It's sniffing all traffic to and from my firewall
(my internal network is behind my firewall).  My Snort box does not have
a firewall, so my problem isn't that.  For a while, Snort worked fine,
sniffing all traffic on the hub, then it started only logging traffic
destined or from the box Snort is running on.  I've got the variable
HOME_NET set to any, I've set it to my subnet (xxx.xxx.xxx.0/24), I've
tried everything.  I'm having Snort log to MySQL, and here are the
arguments being given:

snort -o -b -i eth0 -D -l /var/log/snort -c /etc/snort/snort.conf

I can't think of what my problem is.  Why would it work just fine, and
then one day start sniffing only traffic to and from its own box?  Any
ideas?

-Cody




More information about the Snort-users mailing list