[Snort-users] Snort is too quiet!

sirikanya at ...4625... sirikanya at ...4625...
Wed Jan 23 18:35:02 EST 2002


Hi ,

Now I can see some TCP alerts in ACID (about 57%) but all of them have the
same destination address!
I've already set my NIC to pormisc mode it should see everything going on
in my network right? (or I might misunderstand somrthing).
Any suggestion?

Thank you.


P.S. To everyone who gave me such a wonderful advice before, thank you very
very much.

Best Regards,
Sirikanya Buranabunpot
Advanced Business Exchange Co.,Ltd.
Metro Campus
Tel.  :  (662) 727-4026
Fax.  :  (662) 726-2916
email : sirikanya at ...4625...


                                                                                                                 
                      "Guillaume"                                                                                
                      <guillaume at ...4029...>              To:       <sirikanya at ...4625...>                   
                      Sent by:                            cc:       <guillaume at ...4029...>,                      
                      snort-users-admin at ...4626...         <snort-users at lists.sourceforge.net                    
                      ceforge.net                         Subject:  Re: [Snort-users] Snort is too quiet!        
                                                                                                                 
                                                                                                                 
                      01/21/2002 05:13 PM                                                                        
                      Please respond to guillaume                                                                
                                                                                                                 
                                                                                                                 




>
> Hi,
>
> Now I remove -l option and snort starts to catch something( thank
> you!thank you!) but only ICMP packet!!!!
> Is this typically normal ??

Well... it is not typically anormal !! :-)

> I also checked  the /var/log/snort it also has the same ICMP
> alert and no TCP or UDP .
> Forgive me but I'm really new to snort..I have to ask the same
> question again; What did I miss?

What's in your snort.conf file ?

Guillaume

[ Sent with SquirrelMail -  http://www.squirrelmail.org     ]



_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users








More information about the Snort-users mailing list