Snort mailing list archives
Re: Snort not seeing traffic
From: Jeremy Hoel <jthoel () gmail com>
Date: Mon, 27 Aug 2012 13:56:42 +0000
How is the interfact between the VM gues and host setup? Private LAN? NAT? Bridged? On Mon, Aug 27, 2012 at 6:01 AM, Pratik Narang <pratik.cse.bits () gmail com> wrote:
I have three machines on my test bed- A, B and C. Snort runs on A. B and C both have a VM running as well. I am unable to understand why Snort is not seeing the traffic that is flowing between machine B/VM on B/machine C/VM on C and the internet. Snort.conf clearly says- # Setup the network addresses you are protecting ipvar HOME_NET [172.16.x0.0/24] # Set up the external network addresses. Leave as "any" in most situations ipvar EXTERNAL_NET any I tried doing packet captures in promiscuous mode on A. Even Wireshark doesn't see that traffic from those machines to the internet. So it doesn't seem to be any problem with Snort but with my settings. What am I doing wrong? ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort not seeing traffic Pratik Narang (Aug 26)
- Re: Snort not seeing traffic Jeremy Hoel (Aug 27)
- Re: Snort not seeing traffic Pratik Narang (Aug 27)
- Re: Snort not seeing traffic Jeremy Hoel (Aug 28)
- Re: Snort not seeing traffic Pratik Narang (Aug 29)
- Re: Snort not seeing traffic Peter Bates (Aug 29)
- Re: Snort not seeing traffic Pratik Narang (Aug 27)
- Re: Snort not seeing traffic Jeremy Hoel (Aug 27)