RE: plz help

["Patrick S. Harper" <patrick () internetsecurityguru com>]

Are you on a switch?  If so snort will not see all the traffic.  In that
configuration you either need a true hub (see the archive) or a tap.  First
make sure that snort is working then see if you have a networking problem.
Scan the box or set up a rule to catch all IP traffic




Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"
 
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Chandana
Bandara
Sent: Thursday, October 14, 2004 2:48 AM
To: Snort
Subject: [Snort-users] plz help

hi , 
 
my snort placed in same network with the other machines. It has only one
interface card. 
 
 
PC A --------- PC B ------------- PC C -------- Snort Box -------- PC D
--------- ....... so on
 
I made ping request PC B to PC D . It is not a nornal ping , added the
packect size 50 000. This can be unknown attack in the network .
But like this alerts why can't detect from the snort ? my snort wont show
such hits ? where is the problem ? can u all help ....plz ?
 
Thank u
chandana
 
 



-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users