[Snort-users] Snort doesnt detect traffic.

Erek Adams erek at ...577...
Wed May 29 10:58:04 EDT 2002


On Wed, 29 May 2002 Magnus.M.Glantz at ...3584... wrote:

[...snip...]

> Will there be any problems detecting alerts?
> I noticed that you have to define a HOME_NET and EXTERNAL_NET..
> But, for me, it's the same.
> I defined HOME_NET to 192.168.135.0/24 and EXTERNAL_NET to Any
> I've also tried to do vice versa and define 192.168.135.0/24 to both....

var HOME_NET 192.168.135.0/24
var EXTERNAL_NET !$HOME_NET

> pretty ascii:

Ummmm...  Not quite pretty...  :-/  But I can guess the issue.

> other net---mssql----     Hub     ----Snort
>                                   |       |     |
>                              box1 box2 box3
>                                |         |       |
>                                   Internet

[...snip...]

http://www.snort.org/docs/faq.html#6.21

I'm going to guess that's what your problem is.  If you have all of your
devices working at the same speed, then it will work as you expect.  Mixed bag
of 10/100 and you only see that type of traffic.

Try changing out your hub to a 'dumb' hub and see if that helps.

Cheers!  Oh--And one penalty drink.  ;-)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list