[Snort-users] Snort not alerting although tcpdump shows packet

Gaurav Srivastava gaurav.srivastava7 at ...11827...
Fri Apr 17 07:45:55 EDT 2015


Dear all,

I have a strange issue. I am running snort to observe traffic mirrored from
another VM.
But Snort is not alerting. To verify whether the packets are received or
not, I did a tcpdump using the following command:

sudo tcpdump -w icmp.pcap -i eth0 icmp

And when I read the file with snort using the command below:

snort -r icmp.pcap

It displays the ICMP packet logs. But the alert was not generated when
snort was running.

Please suggest. I am stuck here.


Thanks and Regards,
Gaurav