Snort mailing list archives
Re: Snort not seeing IP-traffic, just Ether/Other
From: Tony Robinson <deusexmachina667 () gmail com>
Date: Thu, 18 Apr 2013 17:23:00 -0400
Try this test first: run

    tcpdump -i eth0 [other tcpdump options you use] vlan

Use the option "vlan" as your ONLY filter option, or "vlan and host x.x.x.x", where host x.x.x.x is the IP address of a vlan'd host you want to grab traffic from. Tell us if you see traffic on the interface. If this works, you can give snort a BPF filter to sniff vlan and non-vlan tagged traffic.

On Thu, Apr 18, 2013 at 4:42 PM, Eoin Miller <eoin.miller () trojanedbinaries com> wrote:
> On 4/18/2013 20:36, Kim.Halavakoski () Crosskey fi wrote:
>>> Also, any VLAN action going on?
>>
>> Yes, there should be and are VLANs on the span port (Windows 7 sees them...) but for some reason the VLAN traffic is not seen by this box with the current configuration and OS..
>
> Yea, you need to create your VLAN interface on the box and sniff on that in order to see the packets. Just how the OS is.
>
> http://unixfoo.blogspot.com/2007/12/linux-vlan-configuration.html
>
> -- Eoin
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
-- when does reality end? when does fantasy begin?
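Why the "vlan" test suggested in the message above is informative, as an added example that is not part of the original thread: a simplified model (not libpcap's or Snort's code) of how the BPF primitives `ip` and `vlan` test the EtherType field of tagged and untagged frames. The frames, function names and the combined expression `ip or (vlan and ip)` are assumptions chosen for illustration.

```python
import struct

ETH_P_IP, ETH_P_ARP, ETH_P_8021Q = 0x0800, 0x0806, 0x8100

def build_frame(ethertype, vlan_id=None):
    """Constructed sample frame: Ethernet header, optional 802.1Q tag, dummy payload."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vlan_id is not None:
        # 4-byte tag: TPID 0x8100, then PCP/DEI bits and the 12-bit VLAN ID
        header += struct.pack("!HH", ETH_P_8021Q, vlan_id & 0x0FFF)
    return header + struct.pack("!H", ethertype) + b"\x45" + bytes(19)

def u16(frame, offset):
    """Read a big-endian 16-bit field at the given byte offset."""
    return struct.unpack_from("!H", frame, offset)[0]

def match_ip(frame):
    """Model of the filter 'ip': EtherType at offset 12 is 0x0800."""
    return u16(frame, 12) == ETH_P_IP

def match_vlan(frame):
    """Model of the filter 'vlan': offset 12 holds the 802.1Q TPID."""
    return u16(frame, 12) == ETH_P_8021Q

def match_vlan_and_ip(frame):
    """Model of 'vlan and ip': after 'vlan', offsets shift by the 4-byte tag."""
    return match_vlan(frame) and u16(frame, 16) == ETH_P_IP

def match_both(frame):
    """Model of 'ip or (vlan and ip)': untagged and tagged IPv4."""
    return match_ip(frame) or match_vlan_and_ip(frame)

def vlan_unaware_label(frame):
    """What a reader that ignores the 802.1Q tag reports for the frame."""
    return "IP" if match_ip(frame) else "non-IP"

def report(frames):
    """Per frame: (name, VLAN-unaware label, matches 'vlan', matches combined filter)."""
    return [(name, vlan_unaware_label(f), match_vlan(f), match_both(f))
            for name, f in frames]

SAMPLES = [  # constructed frames, not captured traffic
    ("untagged IPv4", build_frame(ETH_P_IP)),
    ("VLAN 100 IPv4", build_frame(ETH_P_IP, vlan_id=100)),
    ("VLAN 100 ARP", build_frame(ETH_P_ARP, vlan_id=100)),
    ("untagged ARP", build_frame(ETH_P_ARP)),
]

if __name__ == "__main__":
    for row in report(SAMPLES):
        print(row)
```

The tagged IPv4 frame is labelled non-IP by the VLAN-unaware check yet matches both the `vlan` model and the combined expression, which is the difference the tcpdump test is meant to expose.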