[Snort-users] Snort stopped sniffing on hub

Cody Hatch cody at ...4571...
Tue Jan 15 11:26:03 EST 2002


Thanks.  I figured out what it was.  Some idiot moved my Snort box onto
a switch without telling me.  The fact that I was on a hub was just
something that I took for granted.  I've got it figured out now.

Thanks,
Cody

> "Cody Hatch" <cody at ...4571...> writes:
> 
> > First of all, I can't find an answer to this question anywhere, so
> > hopefully someone here can help me.  I've got Snort on a hub located
> > outside my firewall.  It's sniffing all traffic to and from my firewall
> > (my internal network is behind my firewall).  My Snort box does not have
> > a firewall, so my problem isn't that.  For a while, Snort worked fine,
> > sniffing all traffic on the hub, then it started only logging traffic
> > destined or from the box Snort is running on.  I've got the variable
> > HOME_NET set to any, I've set it to my subnet (xxx.xxx.xxx.0/24), I've
> > tried everything.  I'm having Snort log to MySQL, and here are the
> > arguments being given:
> >
> > snort -o -b -i eth0 -D -l /var/log/snort -c /etc/snort/snort.conf
> >
> > I can't think of what my problem is.  Why would it work just fine, and
> > then one day start sniffing only traffic to and from its own box?  Any
> > ideas?
> >
> 
> It sounds very much like you are running into 10/100 psuedo hub
> problems with media mismatch between machines.  Try forcing all your
> nics to either 10 or 100
> -- 
> Chris Green <cmg at ...671...>
> Let not the sands of time get in your lunch.
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 






More information about the Snort-users mailing list