Snort mailing list archives
RE: No incoming data
From: "Mark Weaver" <mark () npsl co uk>
Date: Wed, 20 Nov 2002 16:11:54 -0000
Assuming what you are describing is: snort box | router ----------> firewall then yes, you should see the traffic from the router. First thing, run tcpdump on the snort box and check that you are getting traffic on the snorted if. Next thing, do something that should generate an alert (nmap the firewall or something), watching for traffic. If snort doesn't generate an alert, then you probably have the snort configuration wrong (check external/home) nets. Finally, make sure you use a half-wired cable to prevent your snort box being hax0red... Mark
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Philippe Dhont (Sea-ro) Sent: 20 November 2002 15:06 To: 'snort-users () lists sourceforge net' Subject: [Snort-users] No incoming data Hi all, I have a snort system that works just fine. It works with apache, mysql and acid and i tested it on an internal server. A lot of fake errors come in but hey, it works fine. Now i moved the configuration for detection internet attacks. I use a router and a firewall, i put a HUB between the router and the firewall and i connected the firewall and the snort machine on the hub. So i have a router, a hub and snort machine on one hub. Now, because a hub is a broadcast device, i should get all the data from the router to the firewall also on my snort but i get notting on my snort. Why not ? Any idea ? Thnx, Philippe Dhont ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- No incoming data Philippe Dhont (Sea-ro) (Nov 20)
- RE: No incoming data Mark Weaver (Nov 20)
- Re: No incoming data Erek Adams (Nov 22)
- <Possible follow-ups>
- RE: No incoming data Philippe Dhont (Sea-ro) (Nov 21)
- Re: No incoming data Steve Loughran (Nov 21)
- Re: No incoming data twig les (Nov 21)
- Re: No incoming data Steve Loughran (Nov 21)
- RE: No incoming data Philippe Dhont (Sea-ro) (Nov 21)