[Snort-users] Packets being alerted with other hosts, but not the localhost with Snort on it

John Byrne jbyrnescu at gmail.com
Sun Sep 9 21:02:12 EDT 2018

I accidentally replied to just wkitty42…

This message is going to both wkitty42 and the snort user list.

Sorry about that… I just clicked on reply and assumed it would go to the snort user list.

Thanks again,
John Byrne

> On Sep 9, 2018, at 1:31 AM, wkitty42--- via Snort-users <snort-users at lists.snort.org> wrote:
> On 09/08/2018 07:18 PM, John Byrne via Snort-users wrote:
>> Hi Everyone,
>> I’ve spent all day on this and I can’t find the problem.  I’m sure it’s got to be a configuration issue, but I can’t find it.  I’m having a problem with snort detecting packets being sent out of the host that snort is running on.  The other hosts create an alert fine, just not the snort host.  Is there some sort of localhost configuration setting I’m missing somewhere?
> ummm... localhost is not included in $HOME_NET and the only rule i see enabled that might catch localhost originated packets is your 10000024 but you've limited it to IGMP so...
> with that, yes and no, it is and is not a configuration error... it is if you expect localhost to be included in HOME_NET... it is not if you remember localhost is not covered by HOME_NET...
> -- 
> NOTE: No off-list assistance is given without prior approval.
>       *Please keep mailing list traffic on the list unless*
>       *a signed and pre-paid contract is in effect with us.*
