SV: [Snort-users] Snort doesnt detect traffic.

Magnus.M.Glantz at ...3584... Magnus.M.Glantz at ...3584...
Thu May 30 11:54:03 EDT 2002

-----Original message----- 
Från: Erek Adams [mailto:erek at ...577...] 
Skickat: on 2002-05-29 19:57 
Till: Glantz, Magnus M. /Communications /070-211 99 22, 070-211 99 22 
Kopia: snort-users at 
Ämne: Re: [Snort-users] Snort doesnt detect traffic.
On Wed, 29 May 2002 Magnus.M.Glantz at ...3584... wrote:


> Will there be any problems detecting alerts?
> I noticed that you have to define a HOME_NET and EXTERNAL_NET..
> But, for me, it's the same.
> I defined HOME_NET to and EXTERNAL_NET to Any
> I've also tried to do vice versa and define to both....

>>var HOME_NET

Will that work?

The scenario when an IP-adress that is not comes into the net, 

doesnt exist. there is no routing between the private network i'm defending and the Internet/my other private network.


What i'm afraid, is that box1, box2 or box3 get's hacked (they are conencted to the internet) and tries to hack my MsSQL server.. so i wanna sniff for known attacks, and traffic that is between box1, box2, box3 <-> mssql server, and does not goto the sqlport on the mssql server.

> pretty ascii:

>>Ummmm...  Not quite pretty...  :-/  But I can guess the issue.

> other net---mssql----     Hub     ----Snort
>                                   |       |     |
>                              box1 box2 box3
>                                |         |       |
>                                   Internet



>>I'm going to guess that's what your problem is.  If you have all of your
>>devices working at the same speed, then it will work as you expect.  Mixed bag
>>of 10/100 and you only see that type of traffic.

>>Try changing out your hub to a 'dumb' hub and see if that helps.
To my knowledge, it is a 'dumb' hub. I know it's not a switch anyways.

But maybe it got some "switch" properies that is messing up my sniffing?

>>Cheers!  Oh--And one penalty drink.  ;-)
I'm on it.. :-D
Erek Adams

Best regards,

//Magnus Glantz

More information about the Snort-users mailing list