Snort mailing list archives

Can't see alert for rule


From: "Tom Fulton" <tfulton9909 () comcast net>
Date: Wed, 2 Jun 2004 12:36:30 -0700

1)
Snort 2.0.6 on linux


2)
Three PCs:
  1               2                 3
  w2kPC victim    linux attacker    linux snort box


3)
I run:
Snort -d -e -v -c /etc/snort/snort.conf     (no errors)


4)
Rule in ftp.rules is:
Alert tcp any any -> any 21 (content: "USER administrator"; msg: "FTP administrator login attempt";)


5)
When I run: ftp <IPVictim>  from linux attacker, I don't get any rules fired
on my snort box.


6)
I have a Gigabit Linksys 5-port workgroup switch between them all


Why am I not able to see the alert?

Thanks!
