jsage at ...2022...
Fri Mar 8 10:29:05 EST 2002
On Fri, Mar 08, 2002 at 12:30:43PM -0500, Basil Saragoza wrote:
> When I set home_net in snort.conf to ip address of my firewall everything is
> When I set it to 220.127.116.11/26 then I see onl;y ICMP traffic.....
> (external_net set to any)
> Any reason for such behaviour on snort?
> What is the correlation between home_net and external_net?
1) I would **never** actually post a live IP address, or IP address
range to a mail list -- obfuscate it -- we don't need to know the
actual IP address you've got to work with, and neither does anyone
2) 18.104.22.168/26 corresponds to this:
Address: 22.214.171.124 11010111.01111100.10101111.10 000100
Netmask: 255.255.255.192 == 26 11111111.11111111.11111111.11 000000
Network: 126.96.36.199/26 11010111.01111100.10101111.10 000000 (Class C)
Broadcast: 188.8.131.52 11010111.01111100.10101111.10 111111
HostMin: 184.108.40.206 11010111.01111100.10101111.10 000001
HostMax: 220.127.116.11 11010111.01111100.10101111.10 111110
the (useable) netblock from HostMin: 18.104.22.168 to a HostMax:
22.214.171.124 for a total of 62 hosts.
Is this what you're intending to do?
I have no idea as to why this (the *only*..?) change would suddenly
result in your seeing only icmp traffic.
Is this the only change you've made?
Most people don't type their own logfiles; but, what do I care?
More information about the Snort-users