Snort mailing list archives
Re: Snort Solaris 8 with quad card
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 2 Apr 2002 11:28:54 -0800 (PST)
On Tue, 2 Apr 2002, Chris Frazier - PA wrote:
I have Snort running on a Ultra 5 with Solaris 8. I bring up interfaces qfe2 and qfe3 without IP addresses being assigned on differnet VLANs, and have Snort listen on those interfaces using separate commands: snort -D -c conf.file -l /var/log/snort/qfe2 -i qfe2 snort -D -c conf.file -l /var/log/snort/qfe3 -i qfe3 When I trigger scans on those VLANs, qfe2 logs the results, but qfe3 does nothing. If I kill the snort running on qfe3, and just do a tcpdump -i qfe3, and run tthe scans again, I see the traffic.
Ok, lets check this a bit more. If you use a 'snort -vade -i qfe2' and run scans, do you see the traffic? Where does this traffic come from? A third machine? If just run the qfe3 instance (as above), does it log? Running a 'snort -vade -i qfe3' while scanning--Does that show any data?
So am I doing something completely wrong, or am I trying to do something that is not possible.
It all depends. :) 'Not Possible' just means someone else hasn't done it yet. ;-)
Any help is greatly appreciated.
Cheers! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Solaris 8 with quad card Chris Frazier - PA (Apr 02)
- Re: Snort Solaris 8 with quad card Erek Adams (Apr 02)
- Re: Snort Solaris 8 with quad card Scott Nursten (Apr 02)
- RE: Snort Solaris 8 with quad card Jason Lewis (Apr 02)
- Re: Snort Solaris 8 with quad card Scott Nursten (Apr 02)
- <Possible follow-ups>
- RE: Snort Solaris 8 with quad card Chris Frazier - PA (Apr 03)
- Re: Snort Solaris 8 with quad card Erek Adams (Apr 02)