[Snort-users] Seeking promiscuity, finding only fidelity: frustration reigns ...

Eric Fowler eric.fowler at ...11827...
Mon Apr 22 16:51:38 EDT 2013

Story of my life ...

I have a USB netcard that is in promiscuous mode - ifconfig says it is
promiscuous,and I can use Wireshark to inspect packets that are sent
between third party (i.e. not the machine wireshark /snort i s running on).
I am able to flood the network with UDP traffic of known profile. Wireshark
sees it. Snort does not.

I have written a simple rule to catch all UDP traffic. It does see some
packets but all are local.

What is going wrong?

Help a lonely nerd find satisfaction, if only for tonight ....

