Snort mailing list archives
Re: packets sent to OWN IP
From: Chris Green <cmg () sourcefire com>
Date: Mon, 17 Nov 2003 14:11:05 -0500
Sharif Corinaldi <sharif () anattempt org> writes:
Snort does not log, or even notice, packets sent to my own IP FROM my IP. Is there a way to see these packets?

I'm on a Win2k PC. In one shell I run "snort -vd" and in another I'm running: "ping 127.0.0.1" or "ping localhost"

I see the "reply from" notice:

Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128

but I see no reaction out of snort. If I ping an external host, snort notices the packets just fine.

I apologize if someone has already asked this. Is there a way to see those internally sent packets? Should I be using a different application?

Those are running over the loopback device in NT and not over your ethernet card. Does NT have an equivalent of the lo device in Linux?

--
Chris Green <cmg () sourcefire com>
"Not everyone holds these truths to be self-evident, so we've worked up a proof of them as Appendix A." -- Paul Prescod