Snort mailing list archives

Re: Snort 2.0.0, OpenBSD3.3, Netgear EN104TP


From: "Gus Faulk" <glfaulk () cox net>
Date: Fri, 13 Jun 2003 00:03:58 -0400

When I ran tcpdump it was seeing all traffic. The problem was in the
snort.conf. My rules were not set up properly.
----- Original Message -----
From: "Matt Kettler" <mkettler () evi-inc com>
To: "Gus Faulk" <glfaulk () cox net>; <snort-users () lists sourceforge net>
Sent: Wednesday, June 11, 2003 8:33 PM
Subject: Re: [Snort-users] Snort 2.0.0, OpenBSD3.3, Netgear EN104TP


At 07:51 PM 6/11/2003 -0400, Gus Faulk wrote:
Snort is not logging anything from the cable modem. I have a remote shell
that I have used to do nmap scans and
it is not picking up anything. I have a link light on the stealth nic and
it is getting traffic.

My first question. Have you tried tcpdump?

If tcpdump sees it, snort should see it. If tcpdump doesn't see it, snort
won't.

If traffic is coming in and visible to tcpdump, and snort isn't alerting
when it should, check your configuration of snort.conf and make sure it
really should be alerting for the IP combinations specified. Carefully
check over your external and home net declarations, and what rule files
you have included.

Check the rule files themselves.. which rules do you expect your nmap scan
to trigger? (note this will vary a LOT depending on what kind of scan you
run with nmap, and some kinds of nmap scan may not generate any alerts at
all)
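The "check your HOME_NET / EXTERNAL_NET declarations" step above can be made mechanical. This added example (not code from the thread or from the Snort project) parses the `var` and `include` lines of a constructed snort.conf fragment and answers whether a rule header of the form `$EXTERNAL_NET any -> $HOME_NET any` would ever match a given scanner -> target pair; the addresses and the conf contents are assumptions made up for the example.

```python
import ipaddress
import re

# Constructed snort.conf fragment (not from the thread). A scan whose target
# is NOT inside HOME_NET is silently ignored by every $EXTERNAL_NET -> $HOME_NET rule.
SNORT_CONF = """
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET
include classification.config
include $RULE_PATH/scan.rules
"""

def parse_vars(conf):
    """Collect 'var NAME value' declarations into a dict."""
    found = {}
    for line in conf.splitlines():
        m = re.match(r"\s*var\s+(\S+)\s+(.+?)\s*$", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def parse_includes(conf):
    """List the rule/config files pulled in by 'include' lines (unexpanded)."""
    return [l.strip().split(None, 1)[1] for l in conf.splitlines()
            if l.strip().startswith("include ")]

def expand(value, vars_):
    """Resolve $VAR references (e.g. '!$HOME_NET' -> '!192.168.1.0/24')."""
    while (m := re.search(r"\$(\w+)", value)) and m.group(1) in vars_:
        value = value.replace("$" + m.group(1), vars_[m.group(1)])
    return value

def matches_net(ip, spec, vars_):
    """Does ip fall inside a Snort address spec: any, CIDR, [a,b] list, or !negation?"""
    spec = expand(spec, vars_).strip()
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not matches_net(ip, spec[1:], vars_)
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n.strip(), strict=False)
               for n in spec.strip("[]").split(","))

def rule_header_applies(src, dst, vars_):
    """Would a '$EXTERNAL_NET any -> $HOME_NET any' header see src -> dst?"""
    return (matches_net(src, "$EXTERNAL_NET", vars_)
            and matches_net(dst, "$HOME_NET", vars_))
```

Run the check once with the scanner's address and the address the scan actually hits; if it returns False for the host behind the cable modem, the declarations, not the sniffing interface, are the reason nothing alerts.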
