[Snort-users] Snort 2.0.0, OpenBSD3.3, Netgear EN104TP

Matt Kettler mkettler at ...4108...
Wed Jun 11 17:36:24 EDT 2003


At 07:51 PM 6/11/2003 -0400, Gus Faulk wrote:
>Snort is not logging anything from the cable modem. I have a remote shell 
>that I have used to do nmap scans and
>it is not picking up anything. I have a link light on the stealth nic and 
>it is getting traffic.

My first question. Have you tried tcpdump?

If tcpdump sees it, snort should see it. If tcpdump doesn't see it, snort 
won't.

If traffic is coming in and visible to tcpdump, and snort isn't alerting 
when it should, check your configuration of snort.conf and make sure it 
really should be alerting for the IP combinations specified. Carefuly check 
over your external and home net declarations, and what rule files you have 
included.

Check the rule files themselves.. which rules do you expect your nmap scan 
to trigger? (note this will varry a LOT depending on what kind of scan you 
run with nmap, and some kinds of nmap scan may not generate any alerts at all)







More information about the Snort-users mailing list