Snort mailing list archives
Re: Snort 2.0.0, OpenBSD3.3, Netgear EN104TP
From: "Gus Faulk" <glfaulk () cox net>
Date: Fri, 13 Jun 2003 00:03:58 -0400
When I ran tcpdump it was seeing all traffic. The problem was in the snort.conf. My rules were not set up properly.

----- Original Message -----
From: "Matt Kettler" <mkettler () evi-inc com>
To: "Gus Faulk" <glfaulk () cox net>; <snort-users () lists sourceforge net>
Sent: Wednesday, June 11, 2003 8:33 PM
Subject: Re: [Snort-users] Snort 2.0.0, OpenBSD3.3, Netgear EN104TP

At 07:51 PM 6/11/2003 -0400, Gus Faulk wrote:
> Snort is not logging anything from the cable modem. I have a remote shell that I have used to do nmap scans and it is not picking up anything. I have a link light on the stealth nic and it is getting traffic.

My first question. Have you tried tcpdump? If tcpdump sees it, snort should see it. If tcpdump doesn't see it, snort won't.

If traffic is coming in and visible to tcpdump, and snort isn't alerting when it should, check your configuration of snort.conf and make sure it really should be alerting for the IP combinations specified. Carefully check over your external and home net declarations, and what rule files you have included. Check the rule files themselves. Which rules do you expect your nmap scan to trigger? (Note this will vary a LOT depending on what kind of scan you run with nmap, and some kinds of nmap scan may not generate any alerts at all.)
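
Added example, not part of either poster's message and not Snort code: a small Python check along the lines of the snort.conf review suggested in the quoted reply. It reads the `var` and `include` lines and tests whether a packet's source and destination fall inside $EXTERNAL_NET and $HOME_NET; the config fragment, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed snort.conf fragment for illustration (not from the thread).
SAMPLE_CONF = """\
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET
var RULE_PATH ./rules
include $RULE_PATH/scan.rules
# include $RULE_PATH/icmp.rules
"""

def expand(value, variables):
    """Substitute $NAME references, repeating for nested variables."""
    for _ in range(8):  # bounded so a self-referencing var cannot loop forever
        new = re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), value)
        if new == value:
            break
        value = new
    return value

def parse_conf(text):
    """Return (variables, active include paths); commented-out lines are skipped."""
    variables, includes = {}, []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 2)
        if len(parts) == 3 and parts[0] == "var":
            variables[parts[1]] = parts[2].strip()
        elif len(parts) >= 2 and parts[0] == "include":
            includes.append(expand(parts[1], variables))
    return variables, includes

def in_spec(ip, spec, variables):
    """True if ip is inside an address spec: any, CIDR, [list], !negation, $VAR."""
    spec = expand(spec.strip(), variables)
    if spec.startswith("!"):
        return not in_spec(ip, spec[1:], variables)
    if spec == "any":
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n.strip(), strict=False)
               for n in spec.strip("[]").split(","))

def header_applies(src, dst, variables):
    """Would a rule header '$EXTERNAL_NET any -> $HOME_NET any' cover this packet?"""
    return in_spec(src, "$EXTERNAL_NET", variables) and in_spec(dst, "$HOME_NET", variables)
```

Feeding it the source and destination addresses that tcpdump shows on the sensor interface tells you whether rules written against these two variables can fire at all, and the include list shows which rule files are actually active.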
Current thread:
- Snort 2.0.0, OpenBSD3.3, Netgear EN104TP Gus Faulk (Jun 11)
- Re: Snort 2.0.0, OpenBSD3.3, Netgear EN104TP Matt Kettler (Jun 11)
- Re: Snort 2.0.0, OpenBSD3.3, Netgear EN104TP Gus Faulk (Jun 12)
- Re: Snort 2.0.0, OpenBSD3.3, Netgear EN104TP Matt Kettler (Jun 11)