Snort mailing list archives

General snort problem


From: "V." <debian22 () yahoo fr>
Date: Mon, 27 Aug 2001 18:49:09 +0200 (CEST)

Hi,

I have a box with Snort running on Solaris 8 (sparc).
Snort has been running for a few weeks and it seems that it cannot "see"
everything on the network.
Most of the log entries are ICMP related: Time-To-Live Exceeded in Transit,
Unknown type... but nothing else!
When I try to run an nmap scan against the box or on the network, Snort does not
see it!

I have tried with Snort 1.7 and Snort 1.8 (1.8.1 too).
I am using the following parameters:
snort -Ddo -i hme0 -l /var/log/snort -c /var/snort/snort.conf

I think the problem comes from the Snort installation.
When I compiled Snort locally, it worked correctly, but now I
am trying to compile it on another box and copy the binaries to the
IDS box. I copied the following files:
- libfl.a and libpcap.a -> libpcap 
- snort main binary and snort rules files

Any idea which files I am missing?
Any suggestions to solve this problem?

Thanks.

Vi.

