Snort mailing list archives
Promiscuous monitoring
From: "Eric Ferguson" <eric.ferguson () jaguartech com>
Date: Tue, 2 Jul 2002 07:05:50 -0400
I have Snort 1.8.6 running on Red Hat 7.3 with ACID and MySQL. I start Snort with the -v option to verify that Snort is seeing traffic and all seems well. My only problem is that attacks (ones I generate myself) are only logged if directed at the Snort IP address. If I direct an attack to another machine on the same subnet, Snort does not identify the attack (yes I am running a hub and not a switch.:-)). Sounds like something simple to me, I am just not sure what it is. Thanks, Eric Ferguson - NNCSE 4440 Embassy Drive Sykesville, Md. 21784 phone: 410-876-0585 cell: 443-677-6119 email: eric.ferguson () jaguartech com
Attachment:
Eric V Ferguson (eric.ferguson@jaguartech.com).vcf
Description:
Current thread:
- Promiscuous monitoring Eric Ferguson (Jul 02)
- <Possible follow-ups>
- RE: Promiscuous monitoring Jason Gauthier (Jul 02)
- RE: Promiscuous monitoring Francis Yom (Jul 02)
- RE: Promiscuous monitoring Francis Yom (Jul 02)
- RE: Promiscuous monitoring Erek Adams (Jul 02)
- RE: Promiscuous monitoring Francis Yom (Jul 02)
- RE: Promiscuous monitoring Erek Adams (Jul 02)
- RE: Promiscuous monitoring Erek Adams (Jul 02)
- ipchains intergration electroteque (Jul 02)
- Re: ipchains intergration Skip Carter (Jul 02)