AW: (Snort-users) snort and nmap

[<sandro.poppi () wacker com>]

Running nmap on the same box as snort does not work with eth0 because your
packets never get on the wire. The kernel says (very simplified): "Hey that's my
IP address so why should I send it out? I'll catch the packets and work on them
inernally."

You should use another box to test the ethernet part and you'll see, snort will
work as expected.

HTH

Ciao,
Sandro


> -----Ursprüngliche Nachricht-----
> Von: Rob Collins <robtompc () yahoo com> at internet
> Gesendet: Mittwoch, 3. Oktober 2001 18:08
> An: snort-users () lists sourceforge net at Internet
> Betreff: [Snort-users] snort and nmap
>
>
> I've got snort on a box with nmap.  while running
> 'snort -vd -i lo' I also run 'nmap -sT 127.0.0.1';
> this works fine and I see some 900 tcp packets fly by.
>  But while running 'snort -vd -l eth0' and running
> 'nmap -sT 192.168.1.5' (which is the valid eth0 ip
> address), I see no tcp packets at all.  What is
> happening?
>
> BTW, I've got Mandrake 7.2 for now. :(
>
> =====
> --r
> "Experience is that marvelous thing that enables you to
> recognize a mistake when you make it again." -- F. P. Jones
>
> __________________________________________________
> Do You Yahoo!?
> NEW from Yahoo! GeoCities - quick and easy web site hosting,
> just $8.95/month.
> http://geocities.yahoo.com/ps/info1
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users