Re: Snort not seeing all traffic?

[Erick Mechler <emechler () techometer net>]

:: I wanted to point out that Snort does come up with some traffic, just not
:: all...meaning it does not and has not seen attacks/port scans, deliberate or
:: otherwise, on the firewall and the IP addresses it handles. It does see
:: traffic/alerts for a server on the switch below it...Not sure where to go
:: from here...Should I post my snort.eth1.conf file?

When you say that "Snort does come up with some traffic", do you mean that
it only alerts on some traffic, or, in sniffer mode, it can only *see* some
traffic passing by?  If it's the former, then it's just a simple matter of
enabling more rules in your conf file.  If it's the latter, then yes this
is an odd problem to be sure ... why a hub would broadcast some traffic and
not others is, well, strange.

Cheers - Erick


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users