[Snort-users] Snort not seeing traffic

Jeremy Hoel jthoel at ...11827...
Tue Aug 28 10:55:46 EDT 2012


Ok.. and the machines connect to the internet how?  Through a router?
All 4 devices are plugged into the same switch and you are
spanning/monitoring the right port on the switch?  Can you see the
traffic with TCPDump?

On Tue, Aug 28, 2012 at 4:01 AM, Pratik Narang
<pratik.cse.bits at ...11827...> wrote:
> It is in Bridged mode.
>
> On Mon, Aug 27, 2012 at 7:26 PM, Jeremy Hoel <jthoel at ...11827...> wrote:
>> How is the interface between the VM guest and host set up?  Private LAN?
>>  NAT?  Bridged?
>>
>> On Mon, Aug 27, 2012 at 6:01 AM, Pratik Narang
>> <pratik.cse.bits at ...11827...> wrote:
>>> I have three machines on my test bed- A, B and C. Snort runs on A.
>>> B and C both have a VM running as well.
>>> I am unable to understand why Snort is not seeing the traffic that is
>>> flowing between machine B/VM on B/machine C/VM on C and the internet.
>>>
>>>  Snort.conf clearly says-
>>> # Setup the network addresses you are protecting
>>> ipvar HOME_NET [172.16.x0.0/24]
>>>
>>> # Set up the external network addresses. Leave as "any" in most situations
>>> ipvar EXTERNAL_NET any
>>>
>>> I tried doing packet captures in promiscuous mode on A. Even Wireshark
>>> doesn't see that traffic from those machines to the internet. So it
>>> doesn't seem to be any problem with Snort but with my settings.
>>>
>>> What am I doing wrong?