Snort mailing list archives
Re: Listening openVPN
From: Andre Rodier <andre.rodier () red2 co uk>
Date: Sun, 06 Dec 2009 18:39:19 +0000
Andre Rodier wrote:
> Nigel Houghton wrote:
>> On Sun, Dec 6, 2009 at 12:23 PM, Matt Olney <molney () sourcefire com> wrote:
>>> When testing new listening setups, I use tcpdump to check what traffic I'm seeing. It uses the same underlying library that snort uses, and provides an immediate view of the traffic.
>>>
>>> Sent from my iPhone
>>>
>>> On Dec 6, 2009, at 11:41 AM, Andre Rodier <andre.rodier () red2 co uk> wrote:
>>>> Hello everybody,
>>>>
>>>> After googling around, I can't find any answer to my question. Is it possible to configure snort to listen on the virtual network adapter of OpenVPN (tap0)?
>>>>
>>>> I have tried to configure snort to do this, but apparently this fails:
>>>>
>>>> var HOME_NET [10.10.1.0/24,192.168.0.0/24]
>>>>
>>>> 10.10.1/24 is the vpn network address, while 192.168.0.x is the physical network.
>>>>
>>>> I use nmap to start a portscan, and the result is accurate on both interfaces. However, the only logs from Snort I have are coming from the physical network interface 192.168.0.0/24.
>>>>
>>>> Do I have to do something special to authorise snort to listen on this virtual interface?
>>>>
>>>> Thanks.
>>
>> If you use "snort -dev -i tap0" do you see the traffic you expect?
>
> Hello Matt,
>
> Yes, doing this shows me the traffic. Do I have to conclude that's a configuration error?
>
> ATB
> André.
Hello everybody,

I fixed the problem by reconfiguring the snort package. Debian overrides the settings in the /etc/snort/snort.conf with custom parameters, and I was unaware of that.

Thanks anyway!
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
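
The final message traces the missing tap0 alerts to Debian packaging parameters overriding /etc/snort/snort.conf. As an added example (not part of the thread or of the Debian package), the check below compares snort.conf's HOME_NET with the packaging values and flags an interface or network they leave out. The override file location and the DEBIAN_SNORT_* key names are assumptions about the Debian package, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: the Debian packaging keeps
# its overrides in a shell-style file (commonly /etc/snort/snort.debian.conf)
# using DEBIAN_SNORT_INTERFACE (space-separated) and DEBIAN_SNORT_HOME_NET
# (comma-separated). All sample file contents below are constructed.

# deb_value KEY FILE: print the last KEY="value" assignment found in FILE.
deb_value() {
    awk -F= -v k="$1" '$1 == k { v = $2; gsub(/^"|"$/, "", v); out = v }
                       END { print out }' "$2"
}

# conf_home_net FILE: print HOME_NET from snort.conf without brackets.
conf_home_net() {
    awk '($1 == "var" || $1 == "ipvar") && $2 == "HOME_NET" { v = $3 }
         END { gsub(/\[|\]/, "", v); print v }' "$1"
}

# check_override SNORT_CONF DEBIAN_CONF IFACE NET
# Returns 0 only if IFACE and NET are both present in the packaging values.
check_override() {
    rc=0
    ifaces=$(deb_value DEBIAN_SNORT_INTERFACE "$2")
    deb_net=$(deb_value DEBIAN_SNORT_HOME_NET "$2")
    conf_net=$(conf_home_net "$1")
    case " $ifaces " in
        *" $3 "*) ;;
        *) echo "interface $3 not in packaging list '$ifaces'"; rc=1 ;;
    esac
    case ",$deb_net," in
        *",$4,"*) ;;
        *) echo "$4 not in packaging HOME_NET '$deb_net' (snort.conf: '$conf_net')"
           rc=1 ;;
    esac
    return $rc
}

# Demo on constructed files mirroring the thread's setup.
demo_dir=$(mktemp -d)
printf 'var HOME_NET [10.10.1.0/24,192.168.0.0/24]\n' > "$demo_dir/snort.conf"
printf 'DEBIAN_SNORT_INTERFACE="eth0"\nDEBIAN_SNORT_HOME_NET="192.168.0.0/24"\n' \
    > "$demo_dir/snort.debian.conf"
check_override "$demo_dir/snort.conf" "$demo_dir/snort.debian.conf" tap0 10.10.1.0/24 || true
rm -rf "$demo_dir"
```

On a real host, pass the two installed files and the interface and network you expect Snort to monitor; a non-zero return means the packaging values do not cover them.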
Current thread:
- Listening openVPN Andre Rodier (Dec 06)
- Re: Listening openVPN Matt Olney (Dec 06)
- Re: Listening openVPN Nigel Houghton (Dec 06)
- Re: Listening openVPN Andre Rodier (Dec 06)
- Re: Listening openVPN Andre Rodier (Dec 06)
- Re: Listening openVPN Nigel Houghton (Dec 06)
- Re: Listening openVPN Matt Olney (Dec 06)