[Snort-users] Snort stopped sniffing on hub

Gerardo Gregory ggregory at ...2954...
Tue Jan 15 11:44:11 EST 2002


When all else fails look at your layer 1?
or wait....
Should it not be,
When something fails always look first at your layer 1?



----- Original Message -----
From: "Cody Hatch" <cody at ...4571...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, January 15, 2002 1:30 PM
Subject: Re: [Snort-users] Snort stopped sniffing on hub


> Thanks.  I figured out what it was.  Some idiot moved my Snort box onto
> a switch without telling me.  The fact that I was on a hub was just
> something that I took for granted.  I've got it figured out now.
>
> Thanks,
> Cody
>
> > "Cody Hatch" <cody at ...4571...> writes:
> >
> > > First of all, I can't find an answer to this question anywhere, so
> > > hopefully someone here can help me.  I've got Snort on a hub located
> > > outside my firewall.  It's sniffing all traffic to and from my
firewall
> > > (my internal network is behind my firewall).  My Snort box does not
have
> > > a firewall, so my problem isn't that.  For a while, Snort worked fine,
> > > sniffing all traffic on the hub, then it started only logging traffic
> > > destined or from the box Snort is running on.  I've got the variable
> > > HOME_NET set to any, I've set it to my subnet (xxx.xxx.xxx.0/24), I've
> > > tried everything.  I'm having Snort log to MySQL, and here are the
> > > arguments being given:
> > >
> > > snort -o -b -i eth0 -D -l /var/log/snort -c /etc/snort/snort.conf
> > >
> > > I can't think of what my problem is.  Why would it work just fine, and
> > > then one day start sniffing only traffic to and from its own box?  Any
> > > ideas?
> > >
> >
> > It sounds very much like you are running into 10/100 psuedo hub
> > problems with media mismatch between machines.  Try forcing all your
> > nics to either 10 or 100
> > --
> > Chris Green <cmg at ...671...>
> > Let not the sands of time get in your lunch.
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list