[Snort-users] I can not see it

Greta.Ji at ...4682... Greta.Ji at ...4682...
Thu Oct 5 10:36:53 EDT 2006


Esteban,
 
Thank you to answer my mail. I spent few hours, finally fixed the
problem.
When I use "tcpdump -i eth1", I can see the traffic send from switch. 
I have another problem. Snort/BASE only capture eth0 traffic, which
I use for the monitor connection. I can not see traffic on eth1.
 
How can I sniff eth1 traffic to Snort? I checked the snort.conf, I did
not
find anywhere for it.
 
Thank you for all of your help,
 
--Greta
________________________________

From: Esteban Ribicic [mailto:kisero at ...11827...] 
Sent: Thursday, October 05, 2006 10:12 AM
To: Ji, Greta
Cc: Snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] I can not see it


maybe u are confusing the nic u must sniff, try tcpdump -i any -n (under
linux) 


On 10/3/06, Greta.Ji at ...4682... <Greta.Ji at ...4682...> wrote: 

	Hi, 
	 
	I am a new user on this list. I have a simple problem, and hope
to get a 
	help. I just installed Snort 2.6 on Centos. I follow the
document to bring 
	eth1 up (eth0 has IP to connect to the Internal network).  But I
can not 
	see any traffic on eth1 (tcpdump -i eth1). I checked the switch,
I can see
	traffice on the interface (# sh interface f0/8):
	 
	    monitor session 1 source interface Fa0/2
	    monitor session 1 destination interface Fa0/8
	
	     270471 packets output, 65224246 bytes, 0 underruns
	 
	Did I missing anything at here? Could some one help me?
	 
	Thank you,
	 
	--Greta

	
------------------------------------------------------------------------
-
	Take Surveys. Earn Cash. Influence the Future of IT
	Join SourceForge.net 's Techsay panel and you'll get the chance
to share your
	opinions on IT & business topics through brief surveys -- and
earn cash
	
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDE
V
	
	_______________________________________________
	Snort-users mailing list
	Snort-users at lists.sourceforge.net
	Go to this URL to change user options or unsubscribe:
	https://lists.sourceforge.net/lists/listinfo/snort-users
	Snort-users
<https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users>
list archive:
	http://www.geocrawler.com/redir-sf.php3?list=snort-users
	
	


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20061005/019c9f8d/attachment.html>


More information about the Snort-users mailing list