[Snort-users] Weird snort issue
setests at ...11827...
Wed May 10 14:57:46 EDT 2017
I am running snort 22.214.171.124 on CentOS 7 as shown in . I installed it
from the snort.org pre-compiled rpm package. I am also running the PFring stable
rpm package "pfring-6.7.0-1220" on the CentOS 7 box.
I am getting traffic down a couple of SPAN links to my box. Snort triggers
on some alerts just fine. However, snort does not trigger on all the alerts
which I am expecting to see.
For example, I ran tcpdump on both the SPAN interface of the snort machine and
captured the packet when I browsed to some site expecting the alerts to
trigger, and it did not. Now that I have the tcpdump pcap capture, when I
played it back at the very same snort with the -r option, I could see snort
showing that alert on the console. What am I doing wrong?
   ,,_     -*> Snort! <*-
  o"  )~   Version 126.96.36.199 GRE (Build 56)
   ''''    By Martin Roesch & The Snort Team:
           Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.7.4
           Using PCRE version: 8.32 2012-11-30
           Using ZLIB version: 1.2.7