[Snort-users] Snort is too quiet!

Guillaume guillaume at ...4029...
Thu Jan 24 01:57:02 EST 2002


>
> Hi ,
>
> Now I can see some TCP alerts in ACID (about 57%) but all of them
> have the same destination address!
> I've already set my NIC to pormisc mode it should see everything
> going on in my network right? (or I might misunderstand
> somrthing).
> Any suggestion?

I forgot: if you installed tcpdump, try to see if you catch more
trafic with that tool. You should not be able to see more with
tcpdump than with snort, for both use the libpcap libraries : it is a
way to be sure snort is not implied with your problem...

If you did not install tcpdump... Just do(wnload) it
(www.tcpdump.org) ! It never hurts to know usefull tools :-)

Guillaume

[ Sent with SquirrelMail -  http://www.squirrelmail.org     ]






More information about the Snort-users mailing list