[Snort-users] I can not see it

Patrick S. Harper patrick at ...4250...
Thu Oct 5 12:53:38 EDT 2006

You will need to change the interface in your init script then restart snort

-----Original Message-----
From: snort-users-bounces at lists.sourceforge.net
[mailto:snort-users-bounces at lists.sourceforge.net] On Behalf Of
Greta.Ji at ...4682...
Sent: Thursday, October 05, 2006 9:37 AM
To: kisero at ...11827...
Cc: Snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] I can not see it

Thank you to answer my mail. I spent few hours, finally fixed the problem.
When I use "tcpdump -i eth1", I can see the traffic send from switch. 
I have another problem. Snort/BASE only capture eth0 traffic, which
I use for the monitor connection. I can not see traffic on eth1.
How can I sniff eth1 traffic to Snort? I checked the snort.conf, I did not
find anywhere for it.
Thank you for all of your help,

From: Esteban Ribicic [mailto:kisero at ...11827...] 
Sent: Thursday, October 05, 2006 10:12 AM
To: Ji, Greta
Cc: Snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] I can not see it

maybe u are confusing the nic u must sniff, try tcpdump -i any -n (under

On 10/3/06, Greta.Ji at ...4682... <Greta.Ji at ...4682...> wrote: 

	I am a new user on this list. I have a simple problem, and hope to
get a 
	help. I just installed Snort 2.6 on Centos. I follow the document to
	eth1 up (eth0 has IP to connect to the Internal network).  But I can
	see any traffic on eth1 (tcpdump -i eth1). I checked the switch, I
can see
	traffice on the interface (# sh interface f0/8):
	    monitor session 1 source interface Fa0/2
	    monitor session 1 destination interface Fa0/8
	     270471 packets output, 65224246 bytes, 0 underruns
	Did I missing anything at here? Could some one help me?
	Thank you,

	Take Surveys. Earn Cash. Influence the Future of IT
	Join SourceForge.net 's Techsay panel and you'll get the chance to
share your
	opinions on IT & business topics through brief surveys -- and earn
	Snort-users mailing list
	Snort-users at lists.sourceforge.net
	Go to this URL to change user options or unsubscribe:
<https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users>  list

More information about the Snort-users mailing list