Snort mailing list archives

RE: Problems with eth1?


From: Ryan Hill <rhill () xypoint com>
Date: Fri, 26 Oct 2001 10:09:26 -0700

Jason,

This is all broadcast-based traffic - is your outside monitor on a switch?
If so, has the switch configuration changed recently?  If you're on a
switch, you need to be mirroring traffic from the appropriate ports in order
for your card to see it.

Regards,

Ryan Hill, MCSE 
IT Ninja
Corporate Information Systems
Telecommunication Systems, Inc. (TCS) - http://www.telecomsys.com
v: 206.792.2276 - f: 206.792.2001
pgp: 0x17CE70AB


-----Original Message-----
From: Jason Smith [mailto:jsmith () firstcellular com] 
Sent: Friday, October 26, 2001 8:35 AM
To: Snort Mailing List (E-mail)
Subject: [Snort-users] Problems with eth1?


Hello all,

Here's the problem.  I have a Linux box running Redhat 7.1 w/ 
2.4.6.  It has two NICs, both Intel eepro100's.  They are both 
monitoring different segments of the network.  One is on the 
inside of the firewall and one is on the outside.  The 
problem interface is the outside one.  I am getting no alerts, and 
haven't for the last week or so.  I do have some simple rules 
that should be tripped every now and then but I'm not even 
getting those.  The internal interface does log those rules 
so I know the traffic is there.  The output below is from 
running snort -dev -i eth1.  If I do this but on eth0 traffic 
just flies by.  I'm thinking there is something wrong with 
the network card.  Hopefully the output below helps.  I have 
also checked the dmesg log, configured syslog to log all 
kernel messages to /var/log/kernel. And neither of these have 
logged anything suspicious.  

Any help is greatly appreciated.  Also if you have any other 
questions let me know.

Thanks
Jason Smith



<snip>
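
The symptom Ryan describes (a sensor that sees only broadcast traffic because its switch port is not a mirror destination) can be checked from the destination MACs of captured frames. This is an added example, not part of the original thread; the sensor MAC and the frame headers are constructed sample values.

```python
# Added example (not from the thread): decide from destination MACs whether a
# sensor NIC sees only flooded traffic, which is what an unmirrored switch
# port delivers.
SENSOR_MAC = bytes.fromhex("00d0b7000001")  # constructed MAC of the sensor NIC

# Constructed 14-byte Ethernet headers: dst MAC, src MAC, EtherType/length.
UNMIRRORED = [
    "ffffffffffff00105a1122330806",  # ARP request, broadcast
    "01005e00000100105a1122330800",  # IP multicast
    "0180c200000000d0b74455660026",  # spanning-tree BPDU, multicast
]
MIRRORED = UNMIRRORED + [
    "00508baabbcc00105a1122330800",  # unicast between two other hosts
    "00105a11223300508baabbcc0800",  # the reply
]

def classify(frames_hex, sensor_mac=SENSOR_MAC):
    """Count frames by destination type."""
    counts = {"group": 0, "to_sensor": 0, "foreign_unicast": 0}
    for frame_hex in frames_hex:
        frame = bytes.fromhex(frame_hex)
        if len(frame) < 14:
            continue  # truncated header, skip it
        dst = frame[:6]
        if dst[0] & 0x01:  # I/G bit set: broadcast or multicast
            counts["group"] += 1
        elif dst == sensor_mac:
            counts["to_sensor"] += 1
        else:
            counts["foreign_unicast"] += 1
    return counts

def diagnose(frames_hex, sensor_mac=SENSOR_MAC):
    """Return 'no-traffic', 'flooded-only' or 'mirrored' for a capture."""
    counts = classify(frames_hex, sensor_mac)
    if sum(counts.values()) == 0:
        return "no-traffic"
    if counts["foreign_unicast"] == 0:
        return "flooded-only"  # port is probably not a mirror destination
    return "mirrored"

if __name__ == "__main__":
    for name, sample in (("unmirrored", UNMIRRORED), ("mirrored", MIRRORED)):
        print(name, classify(sample), diagnose(sample))
```

A switch also floods unicast frames whose destination it has not learned yet, so a few foreign unicast frames do not prove mirroring is configured; judge on a sustained capture.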
