[Snort-users] Snort not seeing all traffic?
p.jones.ml at ...8985...
Thu Apr 24 08:28:04 EDT 2003
>I am referring to "alerts" I guess... With that said, I cannot find
>"rules" via snort-center, that pertain to port scanning and/or the
>exploits like cmd.exe and root.exe... As for the rest, should I run
>something like Ethereal and check traffic that way?
>>:: I wanted to point out that Snort does come up with some traffic, just not
>>:: all...meaning it does not and has not seen attacks/port scans,
>>:: otherwise, on the firewall and the IP addresses it handles. It does see
>>:: traffic/alerts for a server on the switch below it...Not sure where to go
>>:: from here...Should I post my snort.eth1.conf file?
>>When you say that "Snort does come up with some traffic", do you mean that
>>it only alerts on some traffic, or, in sniffer mode, it can only *see* some
>>traffic passing by? If it's the former, then it's just a simple matter of
>>enabling more rules in your conf file. If it's the latter, then yes this
>>is an odd problem to be sure ... why a hub would broadcast some traffic and
>>not others is, well, strange.
>>Cheers - Erick