[Snort-users] I can not see it

Greta.Ji at ...4682...
Thu Oct 5 13:22:24 EDT 2006

That is another question of mine. When I run "snort start", I get the prompt:
	Starting snort service:

What should I enter? I know there is a lot of reading, but I am just starting.

Thank you,


-----Original Message-----
From: Patrick S. Harper [mailto:patrick at ...4250...] 
Sent: Thursday, October 05, 2006 12:54 PM
To: Ji, Greta; kisero at ...11827...
Cc: Snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] I can not see it

You will need to change the interface in your init script, then restart.

-----Original Message-----
From: snort-users-bounces at lists.sourceforge.net
[mailto:snort-users-bounces at lists.sourceforge.net] On Behalf Of
Greta.Ji at ...4682...
Sent: Thursday, October 05, 2006 9:37 AM
To: kisero at ...11827...
Cc: Snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] I can not see it

Thank you for answering my mail. I spent a few hours, finally fixed the
When I use "tcpdump -i eth1", I can see the traffic sent from the switch.
I have another problem. Snort/BASE only captures eth0 traffic, which I
use for the monitor connection. I cannot see traffic on eth1.
How can I sniff eth1 traffic to Snort? I checked snort.conf, and I did
not find anywhere for it.
Thank you for all of your help,

From: Esteban Ribicic [mailto:kisero at ...11827...]
Sent: Thursday, October 05, 2006 10:12 AM
To: Ji, Greta
Cc: Snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] I can not see it

Maybe you are confusing the NIC you must sniff; try tcpdump -i any -n (under

On 10/3/06, Greta.Ji at ...4682... <Greta.Ji at ...4682...> wrote: 

	I am a new user on this list. I have a simple problem, and hope get a
	help. I just installed Snort 2.6 on CentOS. I follow the document to
	eth1 up (eth0 has IP to connect to the Internal network).  But I
	see any traffic on eth1 (tcpdump -i eth1). I checked the switch, can see
	traffic on the interface (# sh interface f0/8):
	    monitor session 1 source interface Fa0/2
	    monitor session 1 destination interface Fa0/8
	     270471 packets output, 65224246 bytes, 0 underruns
	Did I miss anything here? Could someone help me?
	Thank you,
