[Snort-users] I can not see it

Greta.Ji at ...4682... Greta.Ji at ...4682...
Thu Oct 5 10:36:53 EDT 2006

Thank you to answer my mail. I spent few hours, finally fixed the
When I use "tcpdump -i eth1", I can see the traffic send from switch. 
I have another problem. Snort/BASE only capture eth0 traffic, which
I use for the monitor connection. I can not see traffic on eth1.
How can I sniff eth1 traffic to Snort? I checked the snort.conf, I did
find anywhere for it.
Thank you for all of your help,

From: Esteban Ribicic [mailto:kisero at ...11827...] 
Sent: Thursday, October 05, 2006 10:12 AM
To: Ji, Greta
Cc: Snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] I can not see it

maybe u are confusing the nic u must sniff, try tcpdump -i any -n (under

On 10/3/06, Greta.Ji at ...4682... <Greta.Ji at ...4682...> wrote: 

	I am a new user on this list. I have a simple problem, and hope
to get a 
	help. I just installed Snort 2.6 on Centos. I follow the
document to bring 
	eth1 up (eth0 has IP to connect to the Internal network).  But I
can not 
	see any traffic on eth1 (tcpdump -i eth1). I checked the switch,
I can see
	traffice on the interface (# sh interface f0/8):
	    monitor session 1 source interface Fa0/2
	    monitor session 1 destination interface Fa0/8
	     270471 packets output, 65224246 bytes, 0 underruns
	Did I missing anything at here? Could some one help me?
	Thank you,

	Take Surveys. Earn Cash. Influence the Future of IT
	Join SourceForge.net 's Techsay panel and you'll get the chance
to share your
	opinions on IT & business topics through brief surveys -- and
earn cash
	Snort-users mailing list
	Snort-users at lists.sourceforge.net
	Go to this URL to change user options or unsubscribe:
list archive:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20061005/019c9f8d/attachment.html>

More information about the Snort-users mailing list