Snort mailing list archives

Re: Snort 2.0.0, OpenBSD3.3, Netgear EN104TP


From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 11 Jun 2003 20:33:46 -0400

At 07:51 PM 6/11/2003 -0400, Gus Faulk wrote:
> Snort is not logging anything from the cable modem. I have a remote shell that I have used to do nmap scans and it is not picking up anything. I have a link light on the stealth nic and it is getting traffic.

My first question. Have you tried tcpdump?

If tcpdump sees it, snort should see it. If tcpdump doesn't see it, snort won't.

If traffic is coming in and visible to tcpdump, and snort isn't alerting when it should, check your configuration of snort.conf and make sure it really should be alerting for the IP combinations specified. Carefully check over your external and home net declarations, and what rule files you have included.

Check the rule files themselves. Which rules do you expect your nmap scan to trigger? (Note this will vary a LOT depending on what kind of scan you run with nmap, and some kinds of nmap scan may not generate any alerts at all.)





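The home/external net check suggested in the message above can be done mechanically. This is an added example, not part of the original post and not Snort's own code: it evaluates Snort 2.x-style `var` declarations against one packet's addresses. The sample config, the IP addresses and the function names are constructed for illustration, and it assumes flat (non-nested) address lists.

```python
import ipaddress
import re

# Constructed sample snort.conf fragment (not from the original post).
SAMPLE_CONF = """
# network variables
var HOME_NET [192.168.1.0/24,10.0.0.5]
var EXTERNAL_NET !$HOME_NET
"""

def parse_vars(conf_text):
    """Collect 'var NAME value' declarations; comment lines never match."""
    found = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*var\s+(\S+)\s+(.+)", line)
        if m:
            found[m.group(1)] = m.group(2).strip()
    return found

def matches(spec, ip, variables, depth=0):
    """True if ip is covered by an address spec: any, !x, $VAR, [a,b] or CIDR."""
    if depth > 10:
        raise ValueError("variable reference loop")
    spec = spec.strip()
    if spec.startswith("!"):
        return not matches(spec[1:], ip, variables, depth + 1)
    if spec == "any":
        return True
    if spec.startswith("$"):
        return matches(variables[spec[1:]], ip, variables, depth + 1)
    if spec.startswith("[") and spec.endswith("]"):
        # Assumption: flat list; negated items exclude from the positive items.
        items = [s.strip() for s in spec[1:-1].split(",")]
        pos = [s for s in items if not s.startswith("!")]
        neg = [s[1:] for s in items if s.startswith("!")]
        hit = any(matches(s, ip, variables, depth + 1) for s in pos) if pos else True
        return hit and not any(matches(s, ip, variables, depth + 1) for s in neg)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def rule_applies(src_spec, dst_spec, src_ip, dst_ip, variables):
    """Check a one-way rule header 'src -> dst' against one packet's addresses."""
    return matches(src_spec, src_ip, variables) and matches(dst_spec, dst_ip, variables)

if __name__ == "__main__":
    v = parse_vars(SAMPLE_CONF)
    # Constructed addresses: remote scanner 203.0.113.7, monitored host 192.168.1.10.
    print(rule_applies("$EXTERNAL_NET", "$HOME_NET", "203.0.113.7", "192.168.1.10", v))
    # Target outside HOME_NET (e.g. the cable modem's public address): no match.
    print(rule_applies("$EXTERNAL_NET", "$HOME_NET", "203.0.113.7", "198.51.100.9", v))
```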

