RE: Promiscuous monitoring

[Francis Yom <fyom () symmsys com>]

I have the exact same problem.  I hope someone can pass a clue as to
what might be causing this.

-francis

On Tue, 2002-07-02 at 08:02, Jason Gauthier wrote:
> My first thought is that the EXTERNAL_NET variable isn't set right.
> Is that assigned as "any"?
>  
>  
>
> -----Original Message-----
> From: Eric Ferguson [mailto:eric.ferguson () jaguartech com]
> Sent: Tuesday, July 02, 2002 7:06 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Promiscuous monitoring
>
>
>
> I have Snort 1.8.6 running on Red Hat 7.3 with ACID and MySQL.  I start
> Snort with the -v option to verify that Snort is seeing traffic and all
> seems well.  My only problem is that attacks (ones I generate myself) are
> only logged if directed at the Snort IP address.  If I direct an attack to
> another machine on the same subnet, Snort does not identify the attack (yes
> I am running a hub and not a switch...:-)).  Sounds like something simple to
> me, I am just not sure what it is.
>
>  
>
> Thanks,
>
>  
>
> Eric Ferguson - NNCSE
>
> 4440 Embassy Drive
>
> Sykesville, Md. 21784
>
> phone: 410-876-0585
>
> cell: 443-677-6119
>
> email: eric.ferguson () jaguartech com
>
>  




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users