[Snort-users] Snort not seeing all traffic?

Erick Mechler
Thu Apr 24 07:52:10 EDT 2003

:: I wanted to point out that Snort does come up with some traffic, just not
:: all...meaning it does not and has not seen attacks/port scans, deliberate or
:: otherwise, on the firewall and the IP addresses it handles. It does see
:: traffic/alerts for a server on the switch below it...Not sure where to go
:: from here...Should I post my snort.eth1.conf file?

When you say that "Snort does come up with some traffic", do you mean that
it only alerts on some traffic, or, in sniffer mode, it can only *see* some
traffic passing by?  If it's the former, then it's just a simple matter of
enabling more rules in your conf file.  If it's the latter, then yes, this
is an odd problem to be sure ... why a hub would broadcast some traffic and
not others is, well, strange.

Cheers - Erick

