[Snort-users] Snort 2.0.0, OpenBSD3.3, Netgear EN104TP
mkettler at ...4108...
Wed Jun 11 17:36:24 EDT 2003
At 07:51 PM 6/11/2003 -0400, Gus Faulk wrote:
>Snort is not logging anything from the cable modem. I have a remote shell
>that I have used to do nmap scans and
>it is not picking up anything. I have a link light on the stealth nic and
>it is getting traffic.
My first question. Have you tried tcpdump?
If tcpdump sees it, snort should see it. If tcpdump doesn't see it, snort
If traffic is coming in and visible to tcpdump, and snort isn't alerting
when it should, check your configuration of snort.conf and make sure it
really should be alerting for the IP combinations specified. Carefully check
over your external and home net declarations, and what rule files you have
Check the rule files themselves. Which rules do you expect your nmap scan
to trigger? (note this will vary a LOT depending on what kind of scan you
run with nmap, and some kinds of nmap scan may not generate any alerts at all)
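
As an added illustration of the snort.conf check described above (not part of the original post, and not Snort's own code): a small Python check of whether a packet's source and destination fall inside a rule header's address fields once the `var` declarations are expanded. The snort.conf fragment, rule, sid and IP addresses are constructed samples, and only address matching is modelled (no ports, protocol or rule options).

```python
import ipaddress
import re

# Constructed snort.conf fragment (Snort 2.x "var" syntax); values are samples.
SAMPLE_CONF = """
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET
var DMZ_NET [10.1.0.0/16,10.2.0.0/16]
"""
# Constructed rule; the sid is a placeholder from the local-rule range.
RULE = 'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed"; sid:1000001;)'

def parse_vars(conf_text):
    """Collect 'var NAME value' declarations; commented-out lines do not match."""
    out = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*var\s+(\S+)\s+(\S+)", line)
        if m:
            out[m.group(1)] = m.group(2)
    return out

def addr_matches(ip, spec, variables, depth=0):
    """True if ip is inside an address spec: any, CIDR, [list], !negation, $VAR."""
    if depth > 10:
        raise ValueError("variable reference loop")
    spec = spec.strip()
    if spec.startswith("!"):
        return not addr_matches(ip, spec[1:], variables, depth + 1)
    if spec.startswith("$"):
        return addr_matches(ip, variables[spec[1:]], variables, depth + 1)
    if spec.startswith("[") and spec.endswith("]"):
        return any(addr_matches(ip, part, variables, depth + 1)
                   for part in spec[1:-1].split(","))
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def header_matches(rule, src, dst, variables):
    """Compare one packet's addresses with the rule header, honouring '<>'."""
    _, _, s_addr, _, direction, d_addr, _ = rule.split("(", 1)[0].split()
    fwd = addr_matches(src, s_addr, variables) and addr_matches(dst, d_addr, variables)
    if direction == "<>":
        rev = addr_matches(dst, s_addr, variables) and addr_matches(src, d_addr, variables)
        return fwd or rev
    return fwd

if __name__ == "__main__":
    v = parse_vars(SAMPLE_CONF)
    print(header_matches(RULE, "203.0.113.5", "192.168.1.10", v))   # outside -> inside
    print(header_matches(RULE, "192.168.1.50", "192.168.1.10", v))  # inside -> inside
```

A scan launched from a host that is itself inside HOME_NET, or a HOME_NET that does not cover the addresses the sensor actually sees, makes the header check fail even though tcpdump shows the packets.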