Snort mailing list archives

Re: packets sent to OWN IP

From: Chris Green <cmg () sourcefire com>
Date: Mon, 17 Nov 2003 14:11:05 -0500

Sharif Corinaldi <sharif () anattempt org> writes:

Snort does not log, or even notice, packets sent to my own IP FROM my IP.

Is there a way to see these packets?

I'm on a Win2k PC. In one shell I run "snort -vd" and in another I'm running :

"ping 127.0.0.1"

or

"ping localhost"

I see the "reply from" notice:
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128

but I see no reaction out of snort. If I ping an external host, snort
notices the packets just fine.

I apologize if someone has already asked this. is there a way to  see
those internally sent packets? Should I be using a different
application?


Those are running over the loopback device in NT and not over your
ethernet card.

Does NT have an equivalent of the lo device in Linux?
-- 
Chris Green <cmg () sourcefire com>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod


-------------------------------------------------------
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from
any Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

packets sent to OWN IP Sharif Corinaldi (Nov 14)
- Re: packets sent to OWN IP jon baer (Nov 14)
- Re: packets sent to OWN IP Chris Green (Nov 17)