[Snort-users] I can not see it

Greta.Ji at ...4682... Greta.Ji at ...4682...
Thu Oct 5 13:22:24 EDT 2006


That is another question of mine. When I run "snort start", I got the prompt:
	Starting snort service:

What should I enter? I know there is a lot of reading, but I have just started.


Thank you,

--Greta

-----Original Message-----
From: Patrick S. Harper [mailto:patrick at ...4250...] 
Sent: Thursday, October 05, 2006 12:54 PM
To: Ji, Greta; kisero at ...11827...
Cc: Snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] I can not see it

You will need to change the interface in your init script, then restart
Snort.


-----Original Message-----
From: snort-users-bounces at lists.sourceforge.net
[mailto:snort-users-bounces at lists.sourceforge.net] On Behalf Of
Greta.Ji at ...4682...
Sent: Thursday, October 05, 2006 9:37 AM
To: kisero at ...11827...
Cc: Snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] I can not see it

Esteban,
 
Thank you for answering my mail. I spent a few hours and finally fixed the
problem.
When I use "tcpdump -i eth1", I can see the traffic sent from the switch.
I have another problem. Snort/BASE only captures eth0 traffic, which I
use for the monitor connection. I cannot see traffic on eth1.
 
How can I get Snort to sniff eth1 traffic? I checked snort.conf, but I did
not find anywhere to set it.
 
Thank you for all of your help,
 
--Greta
________________________________

From: Esteban Ribicic [mailto:kisero at ...11827...]
Sent: Thursday, October 05, 2006 10:12 AM
To: Ji, Greta
Cc: Snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] I can not see it


Maybe you are confusing the NIC you must sniff; try tcpdump -i any -n (under
Linux).


On 10/3/06, Greta.Ji at ...4682... <Greta.Ji at ...4682...> wrote: 

	Hi, 
	 
	I am a new user on this list. I have a simple problem and hope to get
	some help. I just installed Snort 2.6 on CentOS. I followed the document
	to bring eth1 up (eth0 has an IP to connect to the internal network). But
	I cannot see any traffic on eth1 (tcpdump -i eth1). I checked the switch,
	and I can see traffic on the interface (# sh interface f0/8):
	 
	    monitor session 1 source interface Fa0/2
	    monitor session 1 destination interface Fa0/8
	
	     270471 packets output, 65224246 bytes, 0 underruns
	 
	Am I missing anything here? Could someone help me?
	 
	Thank you,
	 
	--Greta
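
The fix suggested in this thread (change the interface in the init script, then restart Snort), sketched as an added example that is not part of the original messages. The init-script fragment, its INTERFACE variable, and the function names are assumptions constructed for illustration, since real init scripts differ by distribution; Snort's `-i` option selects the listening interface.

```shell
#!/bin/sh
# Added example: the init-script fragment below is constructed for illustration.

# Write a constructed init-script fragment to the path in $1.
write_sample_init() {
    cat > "$1" <<'EOF'
#!/bin/sh
INTERFACE="eth0"
start() {
    echo -n "Starting snort service: "
    /usr/sbin/snort -D -i "$INTERFACE" -c /etc/snort/snort.conf
}
EOF
}

# Print the interface the script hands to snort's -i option.
# Follows one level of $VAR indirection; a literal "-i eth0" also works.
snort_iface() {
    arg=$(sed -n 's/.*snort.* -i *"\{0,1\}\([^" ]*\)"\{0,1\}.*/\1/p' "$1" | head -n 1)
    case "$arg" in
        '$'*) var=${arg#\$}
              sed -n "s/^${var}=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p" "$1" | head -n 1 ;;
        *)    printf '%s\n' "$arg" ;;
    esac
}

# Point the script at interface $2, keeping the original as FILE.bak.
# The name is validated first because it is substituted into a sed program.
set_snort_iface() {
    file=$1 new=$2
    case "$new" in ''|*[!A-Za-z0-9._:-]*) return 2 ;; esac
    cp "$file" "$file.bak" || return 1
    if grep -q '^INTERFACE=' "$file"; then
        sed "s/^INTERFACE=.*/INTERFACE=\"$new\"/" "$file.bak" > "$file"
    else
        sed "s/\(snort.* -i *\)[^ ]*/\1$new/" "$file.bak" > "$file"
    fi
}

# Demo on a temporary file; on a real sensor, restart snort afterwards.
tmp=$(mktemp) && write_sample_init "$tmp"
echo "before: $(snort_iface "$tmp")"
set_snort_iface "$tmp" eth1
echo "after:  $(snort_iface "$tmp")"
rm -f "$tmp" "$tmp.bak"
```
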

	