Snort mailing list archives

Re: Snort is too quiet!

From: "Guillaume" <guillaume () anteria fr>
Date: Thu, 24 Jan 2002 11:09:25 +0100 (CET)


Hi ,

Now I can see some TCP alerts in ACID (about 57%) but all of them
have the same destination address!
I've already set my NIC to pormisc mode it should see everything
going on in my network right? (or I might misunderstand
somrthing).
Any suggestion?


I forgot: if you installed tcpdump, try to see if you catch more
trafic with that tool. You should not be able to see more with
tcpdump than with snort, for both use the libpcap libraries : it is a
way to be sure snort is not implied with your problem...

If you did not install tcpdump... Just do(wnload) it
(www.tcpdump.org) ! It never hurts to know usefull tools :-)

Guillaume

[ Sent with SquirrelMail -  http://www.squirrelmail.org     ]



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

generating snort rules automatically, (continued)
- - - generating snort rules automatically Charles (Jan 24)
    - Re: generating snort rules automatically Ryan Russell (Jan 24)
    - Re: generating snort rules automatically Charles (Jan 24)
    - Re: generating snort rules automatically Ryan Russell (Jan 24)
    - Re: generating snort rules automatically Charles (Jan 24)
    - Does snort only work in real time mode? Charles (Jan 24)
    - Re: Does snort only work in real time mode? Erek Adams (Jan 24)
    - Re: Does snort only work in real time mode? Charles (Jan 24)
    - Re: Does snort only work in real time mode? Ryan Russell (Jan 24)
    - Message not available
    - Re: generating snort rules automatically Matt Kettler (Jan 24)
  - Re: Snort is too quiet! Guillaume (Jan 24)