[Snort-users] Snort windows collect little than snort linux

Matt Kettler mkettler at ...4108...
Tue Nov 2 07:28:39 EST 2004


At 04:55 AM 11/2/2004, dogfart big wrote:
>I install snort on win2k with winpcap and snort on linux with same rules.
>
>When I start retina to scan machines I get a lot of log messages RPC, 
>WEB-CGI, Front page and lot lot of attacks.....
>
>Do the same with snort on windows get the 3 alerts all (http-inspect)
>
>What is the trick?

What are your packet drop rates like?

Are you sure the NIC on the windows box is going promisc? (try running 
windump, packetyzer, or other packet sniffer for windows to check).






