[Snort-users] Seeking promiscuity, finding only fidelity: frustration reigns ...

Russ Combs rcombs at ...1935...
Mon Apr 22 17:30:10 EDT 2013


Lots of possibilities.  Can you send shutdown or usr1 stats?  Checksums?
 Did you try snort -k none?

On Mon, Apr 22, 2013 at 4:51 PM, Eric Fowler <eric.fowler at ...11827...> wrote:

> Story of my life ...
>
> I have a USB netcard that is in promiscuous mode - ifconfig says it is
> promiscuous,and I can use Wireshark to inspect packets that are sent
> between third party (i.e. not the machine wireshark /snort i s running on).
> I am able to flood the network with UDP traffic of known profile. Wireshark
> sees it. Snort does not.
>
> I have written a simple rule to catch all UDP traffic. It does see some
> packets but all are local.
>
> What is going wrong?
>
> Help a lonely nerd find satisfaction, if only for tonight ....
>
> Eric
>
>
>
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130422/cf3c8bae/attachment.html>


More information about the Snort-users mailing list