Snort mailing list archives

Re: Snort is too quiet!

From: sirikanya () abxnetwork com
Date: Thu, 24 Jan 2002 09:31:17 +0700


Hi ,

Now I can see some TCP alerts in ACID (about 57%) but all of them have the
same destination address!
I've already set my NIC to pormisc mode it should see everything going on
in my network right? (or I might misunderstand somrthing).
Any suggestion?

Thank you.


P.S. To everyone who gave me such a wonderful advice before, thank you very
very much.

Best Regards,
Sirikanya Buranabunpot
Advanced Business Exchange Co.,Ltd.
Metro Campus
Tel.  :  (662) 727-4026
Fax.  :  (662) 726-2916
email : sirikanya () abxnetwork com


                                                                                                                 
                      "Guillaume"                                                                                
                      <guillaume () anteria fr>              To:       <sirikanya () abxnetwork com>                   
                      Sent by:                            cc:       <guillaume () anteria fr>,                      
                      snort-users-admin () lists sour         <snort-users () lists sourceforge net                    
                      ceforge.net                         Subject:  Re: [Snort-users] Snort is too quiet!        
                                                                                                                 
                                                                                                                 
                      01/21/2002 05:13 PM                                                                        
                      Please respond to guillaume


Hi,

Now I remove -l option and snort starts to catch something( thank
you!thank you!) but only ICMP packet!!!!
Is this typically normal ??


Well... it is not typically anormal !! :-)

I also checked  the /var/log/snort it also has the same ICMP
alert and no TCP or UDP .
Forgive me but I'm really new to snort..I have to ask the same
question again; What did I miss?


What's in your snort.conf file ?

Guillaume

[ Sent with SquirrelMail -  http://www.squirrelmail.org     ]



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort is too quiet! sirikanya (Jan 21)
- Re: Snort is too quiet! Guillaume (Jan 21)
- <Possible follow-ups>
- Re: Snort is too quiet! sirikanya (Jan 21)
  - Re: Snort is too quiet! Guillaume (Jan 21)
- Re: Snort is too quiet! sirikanya (Jan 23)
  - Re: Snort is too quiet! Guillaume (Jan 24)
    - generating snort rules automatically Charles (Jan 24)
    - Re: generating snort rules automatically Ryan Russell (Jan 24)
    - Re: generating snort rules automatically Charles (Jan 24)
    - Re: generating snort rules automatically Ryan Russell (Jan 24)
    - Re: generating snort rules automatically Charles (Jan 24)
    - Does snort only work in real time mode? Charles (Jan 24)
    - Re: Does snort only work in real time mode? Erek Adams (Jan 24)
    - Re: Does snort only work in real time mode? Charles (Jan 24)
    - Re: Does snort only work in real time mode? Ryan Russell (Jan 24)

(Thread continues...)