Snort mailing list archives
Re: Snort 2.0.0, OpenBSD3.3, Netgear EN104TP
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 11 Jun 2003 20:33:46 -0400
At 07:51 PM 6/11/2003 -0400, Gus Faulk wrote:
> Snort is not logging anything from the cable modem. I have a remote shell that I have used to do nmap scans and it is not picking up anything. I have a link light on the stealth nic and it is getting traffic.
My first question. Have you tried tcpdump? If tcpdump sees it, snort should see it. If tcpdump doesn't see it, snort won't.
If traffic is coming in and visible to tcpdump, and snort isn't alerting when it should, check your configuration of snort.conf and make sure it really should be alerting for the IP combinations specified. Carefully check over your external and home net declarations, and what rule files you have included.
Check the rule files themselves. Which rules do you expect your nmap scan to trigger? (Note this will vary a LOT depending on what kind of scan you run with nmap, and some kinds of nmap scan may not generate any alerts at all.)