[Snort-users] Snort not seeing traffic

Jeremy Hoel jthoel at ...11827...
Mon Aug 27 09:56:42 EDT 2012


How is the interfact between the VM gues and host setup?  Private LAN?
 NAT?  Bridged?

On Mon, Aug 27, 2012 at 6:01 AM, Pratik Narang
<pratik.cse.bits at ...11827...> wrote:
> I have three machines on my test bed- A, B and C. Snort runs on A.
> B and C both have a VM running as well.
> I am unable to understand why Snort is not seeing the traffic that is
> flowing between machine B/VM on B/machine C/VM on C and the internet.
>
>  Snort.conf clearly says-
> # Setup the network addresses you are protecting
> ipvar HOME_NET [172.16.x0.0/24]
>
> # Set up the external network addresses. Leave as "any" in most situations
> ipvar EXTERNAL_NET any
>
> I tried doing packet captures in promiscuous mode on A. Even Wireshark
> doesn't see that traffic from those machines to the internet. So it
> doesn't seem to be any problem with Snort but with my settings.
>
> What am I doing wrong?
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list