[Snort-users] plz help

Patrick S. Harper patrick at ...4250...
Thu Oct 14 03:45:36 EDT 2004


Are you on a switch?  If so snort will not see all the traffic.  In that
configuration you either need a true hub (see the archive) or a tap.  First
make sure that snort is working then see if you have a networking problem.
Scan the box or set up a rule to catch all IP traffic




Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"
 
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Chandana
Bandara
Sent: Thursday, October 14, 2004 2:48 AM
To: Snort
Subject: [Snort-users] plz help

hi , 
 
my snort placed in same network with the other machines. It has only one
interface card. 
 
 
PC A --------- PC B ------------- PC C -------- Snort Box -------- PC D
--------- ....... so on
 
I made ping request PC B to PC D . It is not a nornal ping , added the
packect size 50 000. This can be unknown attack in the network .
But like this alerts why can't detect from the snort ? my snort wont show
such hits ? where is the problem ? can u all help ....plz ?
 
Thank u
chandana
 
 





More information about the Snort-users mailing list