No subject


Thu Nov 23 16:36:19 EST 2017


> Not to be asking stupid questions, but are you in a switched environment?
Yes, we are in a switched environment. We are running an HP 4000M which
allows me to mirror all traffic (on a given VLAN) to a specific port, which
I have done. Not a stupid question, but I caught that issue in the docs.

> can you get alerts to the console (other than broadcast) running just
> snort -dv
Yes, here is the output. Similar output on 'snort -vade' but I did not copy
it here.

Snort analyzed 69 out of 69 packets, The kernel dropped 0(0.000%) packets
Breakdown by protocol:                Action Stats:
    TCP: 69         (100.000%)         ALERTS: 0
    UDP: 0          (0.000%)          LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
DISCARD: 0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
    Fragment Trackers: 0
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 0
  Frag2 memory faults: 0
===============================================================================
TCP Stream Reassembly Stats:
        TCP Packets Used: 0          (0.000%)
         Stream Trackers: 0
          Stream flushes: 0
           Segments used: 0
   Stream4 Memory Faults: 0
===============================================================================
***AP*** Seq: 0xF73F77E3  Ack: 0x2831E46D  Win: 0xAB20  TcpLen: 20
Snort received signal 2, exiting
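A small health check over the exit summary quoted above, added here as an example (it is not code from the thread): it parses the Snort counters and separates "the sensor sees no packets" (a mirror or capture problem) from "packets arrive but nothing alerts" (expected in sniffer mode with `-v`/`-d`, since no rules are loaded without `-c`). The sample text is copied from the post; the separator lines are omitted.

```python
import re

# Snort exit summary copied from the post above (separator lines omitted).
SAMPLE_SUMMARY = """\
Snort analyzed 69 out of 69 packets, The kernel dropped 0(0.000%) packets
Breakdown by protocol:                Action Stats:
    TCP: 69         (100.000%)         ALERTS: 0
    UDP: 0          (0.000%)          LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 0          (0.000%)
"""


def parse_summary(text):
    """Return the counters of a Snort exit summary as a dict of ints."""
    m = re.search(
        r"analyzed (\d+) out of (\d+) packets, The kernel dropped (\d+)", text)
    if not m:
        raise ValueError("not a Snort exit summary")
    stats = dict(zip(("analyzed", "received", "dropped"), map(int, m.groups())))
    # Protocol and action counters share lines, so collect every "NAME: N" pair
    # (e.g. "TCP: 69" and "ALERTS: 0" on the same line).
    for name, value in re.findall(r"([A-Za-z]+):\s+(\d+)", text):
        stats[name.upper()] = int(value)
    return stats


def diagnose(stats):
    """Classify the sensor state from the parsed counters."""
    if stats["analyzed"] == 0:
        return "no traffic: check the mirror/span port and the capture interface"
    if stats["dropped"] > 0:
        return "capture drops: the kernel dropped %d packets" % stats["dropped"]
    if stats.get("ALERTS", 0) == 0:
        return ("traffic seen but no alerts: expected in sniffer mode (-v/-d); "
                "in NIDS mode confirm rules are loaded with -c and match this VLAN")
    return "alerting: %d alerts on %d packets" % (stats["ALERTS"], stats["analyzed"])


if __name__ == "__main__":
    parsed = parse_summary(SAMPLE_SUMMARY)
    print(parsed)
    print(diagnose(parsed))
```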


