[Snort-users] I can not see it

Nick Oliver nwoliver at ...11827...
Thu Oct 5 13:39:12 EDT 2006


Snort starts as a service - "service snort start or restart or stop" are the
options there.  In order to shift your sensor to eth1 you need to modify the
snort startup script in the /etc/init.d directory to change the default eth0
to eth1
nwo

On 10/5/06, Greta.Ji at ...4682... <Greta.Ji at ...4682...> wrote:
>
>
> That is another question of mine. When I run "snort start", I get the prompt:
>         Starting snort service:
>
> What should I enter? I know there is a lot of reading, but I have just started.
>
>
> Thank you,
>
> --Greta
>
> -----Original Message-----
> From: Patrick S. Harper [mailto:patrick at ...4250...]
> Sent: Thursday, October 05, 2006 12:54 PM
> To: Ji, Greta; kisero at ...11827...
> Cc: Snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] I can not see it
>
> You will need to change the interface in your init script then restart
> snort
>
>
> -----Original Message-----
> From: snort-users-bounces at lists.sourceforge.net
> [mailto:snort-users-bounces at lists.sourceforge.net] On Behalf Of
> Greta.Ji at ...4682...
> Sent: Thursday, October 05, 2006 9:37 AM
> To: kisero at ...11827...
> Cc: Snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] I can not see it
>
> Esteban,
>
> Thank you for answering my mail. I spent a few hours and finally fixed the
> problem.
> When I use "tcpdump -i eth1", I can see the traffic sent from the switch.
> I have another problem. Snort/BASE only captures eth0 traffic, which I
> use for the monitor connection. I cannot see traffic on eth1.
>
> How can I sniff eth1 traffic to Snort? I checked snort.conf, and I did
> not find anywhere for it.
>
> Thank you for all of your help,
>
> --Greta
> ________________________________
>
> From: Esteban Ribicic [mailto:kisero at ...11827...]
> Sent: Thursday, October 05, 2006 10:12 AM
> To: Ji, Greta
> Cc: Snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] I can not see it
>
>
> maybe u are confusing the nic u must sniff, try tcpdump -i any -n (under
> linux)
>
>
> On 10/3/06, Greta.Ji at ...4682... <Greta.Ji at ...4682...> wrote:
>
>         Hi,
>
>         I am a new user on this list. I have a simple problem, and hope to
>         get help. I just installed Snort 2.6 on CentOS. I followed the
>         document to bring eth1 up (eth0 has an IP to connect to the Internal
>         network). But I cannot see any traffic on eth1 (tcpdump -i eth1).
>         I checked the switch, and I can see traffic on the interface
>         (# sh interface f0/8):
>
>             monitor session 1 source interface Fa0/2
>             monitor session 1 destination interface Fa0/8
>
>              270471 packets output, 65224246 bytes, 0 underruns
>
>         Am I missing anything here? Could someone help me?
>
>         Thank you,
>
>         --Greta



-- 
Now at this last we must take a hard road, a road unforseen.
There lies our hope, if hope it be. To walk into peril to Mordor.
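
Added example, not part of the original thread: one way to make the eth0-to-eth1 change in the startup script described above, touching only the interface assignment and the `-i` argument and keeping a backup. The init-script text and the function names `write_sample_init` and `set_snort_iface` are constructed for illustration; the layout of a real script under /etc/init.d varies by distribution.

```shell
#!/bin/sh
# Added example. The init-script text is constructed; real scripts differ by distro.

# write_sample_init FILE: a minimal stand-in for the Snort startup script
write_sample_init() {
    cat > "$1" <<'EOF'
#!/bin/sh
# sniff on eth0 (comment must stay untouched)
INTERFACE=eth0
start() {
    /usr/sbin/snort -D -i $INTERFACE -c /etc/snort/snort.conf
}
alt_start() {
    /usr/sbin/snort -D -i eth0 -c /etc/snort/snort.conf
}
EOF
}

# set_snort_iface FILE OLD NEW
# Rewrites INTERFACE=OLD assignments and "-i OLD" arguments only, keeps FILE.bak,
# and prints how many lines changed.
set_snort_iface() {
    file=$1 old=$2 new=$3
    for name in "$old" "$new"; do
        case $name in
            # Plain interface names only, so nothing else reaches the sed expression.
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $name" >&2; return 2 ;;
        esac
    done
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    old_re=$(printf '%s' "$old" | sed 's/\./\\./g')   # match dots literally
    cp -p "$file" "$file.bak" || return 1
    sed -e "s/^\([[:space:]]*INTERFACE=\"\{0,1\}\)${old_re}\(\"\{0,1\}[[:space:]]*\)\$/\1${new}\2/" \
        -e "s/\([[:space:]]-i[[:space:]]\{1,\}\)${old_re}\([[:space:]]\)/\1${new}\2/g" \
        -e "s/\([[:space:]]-i[[:space:]]\{1,\}\)${old_re}\$/\1${new}/" \
        "$file.bak" > "$file" || return 1
    changed=$(diff "$file.bak" "$file" | grep -c '^>') || true
    echo "$changed"
}

# Demo on a scratch copy; on a real sensor FILE would be the script under /etc/init.d.
tmp=$(mktemp -d) && write_sample_init "$tmp/snort"
echo "lines changed: $(set_snort_iface "$tmp/snort" eth0 eth1)"
grep -n 'eth' "$tmp/snort"
rm -rf "$tmp"
```

After the edit, restart the service as described above ("service snort restart") so the sensor picks up the new interface.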