[Snort-users] Newbie Questions

Justin Heath justin.heath at ...11827...
Fri Oct 27 10:55:33 EDT 2006


Here is one thing you may want to check to help troubleshoot your issue.
Capture some traffic using tcpdump (~10,000 packets and set your snaplen to
0). Read back the pcap with both versions of snort and compare the final
packet statistics.

On 10/26/06, Davis Lee <lee_d at ...13965...> wrote:
>
> Greetings & TIA,
>
> I have two boxes plugged into the same switch.
>
> One is Snort 2.44 on FC4 displayed through Base 1.2.2 (cindy).
>
> Two is Snort 2.6.02 on FC5 displayed through Base 1.2.6 (Christine).
>
> AFAIK, the snort.conf files are identical (at least my visual step
> through shows them to be the same). Also, the local.rules file is almost
> the same, except for the order of listing.
>
> Cindy is giving me a whole lot more info than Christine. Christine only
> shows UDP, and misses a lot of info that Wireshark, running on her box,
> does show.
>
> Where should I start in order to get more info from Christine? I've
> looked at var/log/snort and I think Christine is reporting all she sees.
>
>
>
> Thanks,
> Davis Lee
>
>
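The comparison suggested in the reply, as an added example that is not part of the original message: capture once, replay the same pcap through both Snort versions, then diff the per-protocol counters from each run's exit statistics. The interface name, config path, file names, function names and the layout of the sample statistics (modelled on Snort 2.x exit output) are assumptions, and the numbers are constructed.

```sh
#!/bin/sh
# Steps from the reply (interface name and config path are assumptions):
#   tcpdump -i eth0 -s 0 -c 10000 -w sample.pcap
#   snort -r sample.pcap -c /etc/snort/snort.conf > cindy.txt 2>&1      (on cindy)
#   snort -r sample.pcap -c /etc/snort/snort.conf > christine.txt 2>&1  (on Christine)

# Print "PROTO COUNT" for every row of the "Breakdown by protocol" block.
proto_counts() {
    awk '
        /Breakdown by protocol/ { in_block = 1; next }
        in_block && /^=+$/      { in_block = 0 }
        in_block && $1 ~ /:$/ && $2 ~ /^[0-9]+$/ { sub(/:$/, "", $1); print $1, $2 }
    ' "$1"
}

# Print "PROTO COUNT_A COUNT_B" for every protocol whose count differs.
compare_stats() {
    { proto_counts "$1" | sed 's/^/A /'; proto_counts "$2" | sed 's/^/B /'; } |
    awk '
        $1 == "A" { a[$2] = $3; seen[$2] = 1 }
        $1 == "B" { b[$2] = $3; seen[$2] = 1 }
        END { for (p in seen) if (a[p] + 0 != b[p] + 0) print p, a[p] + 0, b[p] + 0 }
    ' | sort
}

# Constructed sample output (layout assumed, numbers invented for the demo).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/cindy.txt" <<'EOF'
Breakdown by protocol:
    TCP: 6200       (62.000%)
    UDP: 3100       (31.000%)
   ICMP: 400        (4.000%)
    ARP: 300        (3.000%)
===============================================================================
ALERTS: 57
EOF
cat > "$SAMPLES/christine.txt" <<'EOF'
Breakdown by protocol:
    TCP: 0          (0.000%)
    UDP: 3100       (31.000%)
   ICMP: 0          (0.000%)
    ARP: 300        (3.000%)
  OTHER: 6600       (66.000%)
===============================================================================
ALERTS: 3
EOF
compare_stats "$SAMPLES/cindy.txt" "$SAMPLES/christine.txt"
```

Because both runs read the same pcap, any protocol listed in the output is being decoded differently by the two installs rather than seen differently on the wire.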