[Snort-users] Snort missing traffic...?

PJ-ML p.jones.ml at ...8985...
Thu May 8 07:36:07 EDT 2003


Hello all. (Second try)

Just completed a new install: Snort 2.0, RH9 with MySQL and ACID on a 
server that is 347MHz with 256 MB RAM.
(I would like to consider myself learned, but often find that my lack of 
experience places me in the newb category)

I ran some exploits on the Snort server and ACID reported them. I ran the 
same exploits on a server in the same subnet and ACID does not report any 
of this. I looked at the alert file in /var/log/snort and nothing regarding 
the exploits run against the other server is there. I am confused. I 
specified my HOME_NET, for example 10.25.1.0/24... The Snort server is 
10.24.1.24 and the server I also ran exploits on is 10.25.1.20.

The Ethernet links to the hub and to other parts of the network are all 100 
base. Could it be the speed of the server? Not sure where to go. I know 
that I must tune the server, but I do not know what to tune if it is not 
seeing even purposeful exploits... I will be more than happy to give any 
more info that anyone requires to help me figure this out... except for the 
root password to my machine ;-)

Thanks everyone.

~PJ 




