[Snort-users] packets sent to OWN IP

Chris Green cmg at ...1935...
Mon Nov 17 11:13:21 EST 2003


Sharif Corinaldi <sharif at ...10562...> writes:

> Snort does not log, or even notice, packets sent to my own IP FROM my IP.
>
> Is there a way to see these packets?
>
> I'm on a Win2k PC. In one shell I run "snort -vd" and in another I'm running:
>
> "ping 127.0.0.1"
>
> or
>
> "ping localhost"
>
> I see the "reply from" notice:
> Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
> Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
> Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
> Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
>
> but I see no reaction out of snort. If I ping an external host, snort
> notices the packets just fine.
>
> I apologize if someone has already asked this. Is there a way to see
> those internally sent packets? Should I be using a different
> application?

Those are running over the loopback device in NT and not over your
ethernet card.

Does NT have an equivalent of the lo device in Linux?
-- 
Chris Green <cmg at ...1935...>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod



