Snort mailing list archives
Re: Snort and TCP Traffic
From: "Keith W. McCammon" <mccammon () gmail com>
Date: Thu, 22 Jul 2004 14:23:49 -0400
Not picking it up and not having it show up someplace else (a reporting tool) may be two entirely different issues. Unless you've used BPF or the like to dismiss TCP traffic, it's highly unlikely that Snort is 1) running and analyzing traffic AND 2) simply ignoring the TCP stuff.

Are you using any type of BPF filters? Are you seeing events generated by IP, ICMP, UDP, etc.? Perhaps you should try starting Snort from the command line, with minimal options, binary logging, etc. and see what it picks up.

The suggestion that it could be picking up everything *but* TCP (unless configured to do so) is hard to swallow. Unless configured otherwise, the capture function is pretty much all or nothing--not "some."

On Thu, 22 Jul 2004 14:53:09 +0100, David Keogh <david.keogh () capetechnologies com> wrote:
> Can anyone give me some advice on snort not picking up any TCP traffic?
> I'm pretty sure I have everything configured properly, like preprocessors enabled; I just can't seem to see any TCP traffic when viewed through ACID.
> (Using snort, snortcentre, acid... on sentinix)
>
> Regards
> David
>
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
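One way to carry out the check suggested in the reply, as an added example that is not part of the original message: after a run with binary logging, tally the tcpdump-format log by IP protocol to see whether TCP frames reach the capture at all, independent of ACID. The function names and the sample capture are constructed for illustration, and only classic pcap with Ethernet framing is handled.

```python
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap magic

def count_ip_protocols(pcap_bytes):
    """Count frames per IPv4 protocol in a classic pcap with Ethernet framing."""
    endian = MAGIC.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    counts, offset = Counter(), 24
    while offset + 16 <= len(pcap_bytes):
        # Per-packet header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Ethernet header is 14 bytes; a minimal IPv4 header is 20 more.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            counts["non-IPv4"] += 1
            continue
        proto = frame[14 + 9]  # IPv4 protocol field
        counts[PROTO_NAMES.get(proto, "proto-%d" % proto)] += 1
    return counts

def tcp_seen(pcap_bytes):
    """True when the capture holds at least one TCP frame."""
    return count_ip_protocols(pcap_bytes)["TCP"] > 0

def build_sample_pcap(protos):
    """Constructed capture for the demo: one header-only frame per protocol number."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for proto in protos:
        eth = b"\x02" * 12 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        out += struct.pack("<IIII", 0, 0, 34, 34) + eth + ip
    return out

# Constructed sample: one ICMP, one UDP and two TCP frames.
SAMPLE = build_sample_pcap([1, 17, 6, 6])

if __name__ == "__main__":
    for name, n in sorted(count_ip_protocols(SAMPLE).items()):
        print(name, n)
```

If the tally shows TCP frames in the binary log while ACID shows none, the gap is downstream of capture (rules, output plugin or database), which is the distinction the reply draws.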
Current thread:
- Snort and TCP Traffic David Keogh (Jul 22)
- Re: Snort and TCP Traffic Keith W. McCammon (Jul 22)
- <Possible follow-ups>
- RE: Snort and TCP Traffic Harper, Patrick (Jul 22)