Snort mailing list archives
RE: Snort on Linux Help
From: Michael Aylor <maylor () swbanktx com>
Date: Wed, 21 Nov 2001 15:44:47 -0600
The fact that you're only seeing broadcast traffic would lend itself to suggest you are not actually monitoring that port like you think you are.

Have you run tcpdump to verify you're seeing all traffic you're supposed to, or are you only seeing broadcasts as well? I would imagine that if libpcap had a problem, it would either not compile or would generate bizarre errors when snort was compiled....

-----Original Message-----
From: David Wilkeson [mailto:davelist () cboss com]
Sent: Wednesday, November 21, 2001 2:14 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort on Linux Help

I've been running Snort on a Windows platform on and off for some time so I am fairly well versed in Snort itself. I recently decided to set up a permanent Snort box, and decided that Linux would be better suited for this application.

Well, I've got everything set up and running and I am testing by having Snort log everything, but I can't get Snort to see anything with a destination address other than an Ethernet broadcast address (.255), the box itself, or any machine that is connecting directly to the Linux box.

It's not a physical Ethernet problem as it works fine when I plug my Windows Snort box into that jack on my switch (I have monitoring mode turned on for that switch port). I think it must be a problem with libpcap, but I have uninstalled and reinstalled various versions and packages including RPMs and source code. I've made sure that IPCHAINS is disabled.

I am completely out of ideas and my head hurts from beating it repeatedly against the wall. Anyone else have any thoughts?

TIA!
Dave

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
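The tcpdump check suggested in the reply amounts to asking whether the sensor receives any unicast frames exchanged between other hosts. The following is an added example, not part of the original thread, that classifies raw Ethernet frames by destination to answer that question; the MAC addresses and sample frames are constructed, and all function names are hypothetical.

```python
from collections import Counter

BROADCAST = b"\xff" * 6

def mac(text: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def classify_frame(frame: bytes, sensor_mac: bytes) -> str:
    """Classify one Ethernet frame relative to the sensor's own NIC."""
    if len(frame) < 14:                 # shorter than an Ethernet header
        return "truncated"
    dst, src = frame[0:6], frame[6:12]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:                   # group bit set: multicast
        return "multicast"
    if dst == sensor_mac:
        return "to_sensor"
    if src == sensor_mac:               # the sensor's own outbound traffic
        return "from_sensor"
    return "third_party"                # unicast between two other hosts

def summarize(frames, sensor_mac: bytes) -> Counter:
    return Counter(classify_frame(f, sensor_mac) for f in frames)

def sees_mirrored_traffic(frames, sensor_mac: bytes) -> bool:
    """True only if at least one frame is unicast between other hosts."""
    return summarize(frames, sensor_mac)["third_party"] > 0

def build_frame(dst: str, src: str) -> bytes:
    """Constructed sample: Ethernet header (IPv4 ethertype) plus padding."""
    return mac(dst) + mac(src) + b"\x08\x00" + b"\x00" * 46

# Constructed addresses (locally administered range), not from the thread.
SENSOR = mac("02:00:00:00:00:01")
HOST_A, HOST_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"

# What the original poster describes: broadcasts and the box's own traffic.
UNMIRRORED = [
    build_frame("ff:ff:ff:ff:ff:ff", HOST_A),
    build_frame("02:00:00:00:00:01", HOST_A),
    build_frame(HOST_A, "02:00:00:00:00:01"),
]
# A working mirror port also delivers traffic between other hosts.
MIRRORED = UNMIRRORED + [build_frame(HOST_B, HOST_A)]

if __name__ == "__main__":
    print(dict(summarize(UNMIRRORED, SENSOR)), sees_mirrored_traffic(UNMIRRORED, SENSOR))
    print(dict(summarize(MIRRORED, SENSOR)), sees_mirrored_traffic(MIRRORED, SENSOR))
```

A capture with zero `third_party` frames matches the symptom in the thread and points at the switch port or the interface's promiscuous state rather than at Snort's rules.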
Current thread:
- Snort on Linux Help David Wilkeson (Nov 21)
- <Possible follow-ups>
- RE: Snort on Linux Help Michael Aylor (Nov 21)
- RE: Snort on Linux Help David Wilkeson (Nov 21)
- RE: Snort on Linux Help Michael Aylor (Nov 21)
- Message not available
- RE: Snort on Linux Help David Wilkeson (Nov 26)
- RE: Snort on Linux Help Erek Adams (Nov 26)
- Message not available
- Re: Snort on Linux Help David Wilkeson (Nov 26)
- Re: Snort on Linux Help John Sage (Nov 26)
- Re: Snort on Linux Help David Wilkeson (Nov 26)
- Re: Snort on Linux Help John Sage (Nov 26)
- RE: Snort on Linux Help Michael Aylor (Nov 26)
- RE: Snort on Linux Help Michael Aylor (Nov 26)
- RE: Snort on Linux Help David Wilkeson (Nov 27)