Snort mailing list archives
Re: Logging Issue
From: "John D. Caine" <john () valuenetuk com>
Date: Tue, 10 Dec 2002 14:33:40 -0000
I've answered my own question: When you run snort without any options it defaults to running in promiscuous mode. When you specify the -D option it doesn't. Evidently the network I'm on isn't as 'switched' as it should be. John. ----- Original Message ----- From: "John D. Caine" <john () valuenetuk com> To: <snort-users () lists sourceforge net> Sent: Tuesday, December 10, 2002 12:44 PM Subject: [Snort-users] Logging Issue Hello, I've got Snort running and it's logging away quite happily. There is something that makes me scratch my head though. How come it's catching stuff thats not destined for my machine? Here's a scan.log entry: 12/09-16:33:08.677905 ICMP src: 212.4.208.191 dst: 213.239.42.97 type: 8 code: 0 tgts: 8 event_id: 204 The dst IP isn't mine! Does Snort set your ethernet card to be 'promiscuous'? Even so I'm on a swicthed network. I'ts not just portscan that does it it ops up in the normal log too. Does anybody know what causes this or am I reading the logs incorrectly?? Thanks. Regards, John. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- mysql rotation script for alert storms markmormartin (Dec 10)
- Logging Issue John D. Caine (Dec 10)
- Re: Logging Issue John D. Caine (Dec 10)
- Re: mysql rotation script for alert storms Steve Suehring (Dec 10)
- Logging Issue John D. Caine (Dec 10)