[Snort-users] Snort not seeing all traffic?

PJ p.jones.ml at ...8985...
Thu Apr 24 08:28:04 EDT 2003


>I am referring to "alerts" I guess... With that said, I cannot find 
>"rules" via snort-center that pertain to port scanning and/or the 
>exploits like cmd.exe and root.exe... As for the rest, should I run 
>something like Ethereal and check traffic that way?
>
>
>>:: I wanted to point out that Snort does come up with some traffic, just not
>>:: all...meaning it does not and has not seen attacks/port scans,
>>:: deliberate or otherwise, on the firewall and the IP addresses it
>>:: handles. It does see traffic/alerts for a server on the switch below
>>:: it...Not sure where to go from here...Should I post my
>>:: snort.eth1.conf file?
>>
>>When you say that "Snort does come up with some traffic", do you mean that
>>it only alerts on some traffic, or, in sniffer mode, it can only *see* some
>>traffic passing by?  If it's the former, then it's just a simple matter of
>>enabling more rules in your conf file.  If it's the latter, then yes this
>>is an odd problem to be sure ... why a hub would broadcast some traffic and
>>not others is, well, strange.
>>
>>Cheers - Erick




