[Snort-users] Local scan only
mkettler at ...4108...
Sat Sep 7 11:29:04 EDT 2002
As for snort.conf:
make sure HOME_NET is set correctly with the correct CIDR style netmask.
Most snort rules ignore traffic which is not destined to a machine in that
range. For example 192.168.1.0/24 will match all IPs in the 192.168.1.*
range, but 192.168.1.1/32 will only match the single IP 192.168.1.1.
Are you sure your hub is truly passive? (ie: "automatic dual speed hubs"
contain a switch).
try getting windump and seeing if your nic really is seeing the packets. It
uses the same winpcap interface that snort for windows will use.
Windump's homepage (referred from http://www.tcpdump.org/wpcap.html) is:
At 06:22 PM 9/6/2002 -0700, rick bohaty wrote:
>I have snort 1.8.7win32.exe installed on W2K pro. When
>I start the scan only traffic from the snort pc shows
>up. Traffic from all other pcs on the segment (hub)
>doesn't. Do I need to enter the subnet somewhere in
>the snort.conf or command line?
More information about the Snort-users