Snort mailing list archives
RE: Problems with eth1?
From: Ryan Hill <rhill () xypoint com>
Date: Fri, 26 Oct 2001 10:09:26 -0700
Jason, This is all broadcast based traffic - is your outside monitor on a switch? If so, has the switch configuration changed recently? If you're on a switch, you need to be mirroring traffic from the appropriate ports in order for your card to see it. Regards, Ryan Hill, MCSE IT Ninja Corporate Information Systems Telecommunication Systems, Inc. (TCS) - http://www.telecomsys.com v: 206.792.2276 - f: 206.792.2001 pgp: 0x17CE70AB
-----Original Message----- From: Jason Smith [mailto:jsmith () firstcellular com] Sent: Friday, October 26, 2001 8:35 AM To: Snort Mailing List (E-mail) Subject: [Snort-users] Problems with eth1? Hello all, Here's the problem. I have a Linux box running Redhat 7.1 w/ 2.4.6. It has two nics both Intel eepro100's. They are both monitoring different segements of the network. One is on the inside of the firewall and one is on the outside. The problem interface is the outside one. I am getting no alerts haven't for the last week or so. I do have some simple rules that should be tripped every now and then but I'm not even getting those. The internal interface does log those rules so I know the traffic is there. The output below is from running snort -dev -i eth1. If I do this but on eth0 traffic just flies by. I'm thinking there is something wrong with the network card. Hopefully the output below helps. I have also checked the dmesg log, configured syslog to log all kernel messages to /var/log/kernel. And neither of these have logged anything suspicious. Any help is greatly appreciated. Also if you have any other questions let me know. Thanks Jason Smith <snip>
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problems with eth1? Jason Smith (Oct 26)
- <Possible follow-ups>
- RE: Problems with eth1? Ryan Hill (Oct 26)
- RE: Problems with eth1? Jason Smith (Oct 31)