Snort mailing list archives

Re: Newbie Questions


From: "Justin Heath" <justin.heath () gmail com>
Date: Fri, 27 Oct 2006 10:55:33 -0400

Here is one thing you may want to check to help troubleshoot your issue.
Capture some traffic using tcpdump (~10,000 packets and set your snaplen to
0). Read back the pcap with both versions of snort and compare the final
packet statistics.

On 10/26/06, Davis Lee <lee_d () aps edu> wrote:

Greetings & TIA,

I have two boxes plugged into the same switch.

One is Snort 2.44 on FC4 displayed through Base 1.2.2 (cindy).

Two is Snort 2.6.02 on FC5 displayed through Base 1.2.6 (Christine).

AFAIK, the snort.conf files are identical (at least my visual step
through shows them to be the same). Also, the local.rules file is almost
the same, except for the order of listing.

Cindy is giving me a whole lot more info than Christine. Christine only
shows UDP, and misses a lot of info that Wireshark, running on her box,
does show.

Where should I start in order to get more info from Christine? I've
looked at var/log/snort and I think Christine is reporting all she sees.



Thanks,
Davis Lee


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
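
The check suggested in the reply above, written out as an added example (not part of either message and not code from the Snort project). The interface name, file names and config path are assumptions, and the statistics in `demo` are constructed to exercise the comparison, not real Snort output.

```shell
#!/bin/sh
# Added example: replay one capture through two Snort installs and compare
# the end-of-run counters. Interface, file names and paths are assumptions.

# 1. On one sensor: capture 10,000 full-length packets (snaplen 0).
capture() {         # usage: capture eth0 sample.pcap
    tcpdump -i "$1" -s 0 -c 10000 -w "$2"
}

# 2. On each sensor: read the same pcap back and save the exit statistics.
replay() {          # usage: replay sample.pcap /etc/snort/snort.conf cindy.stats
    mkdir -p ./replay-log &&
    snort -r "$1" -c "$2" -l ./replay-log > "$3" 2>&1
}

# 3. Print "counter first second" for every single-word "NAME: count" line
#    whose count differs between the two saved statistics files.
compare_stats() {   # usage: compare_stats cindy.stats christine.stats
    awk '
        $1 ~ /^[A-Za-z0-9_]+:$/ && $2 ~ /^[0-9]+$/ {
            name = substr($1, 1, length($1) - 1)
            if (FILENAME == ARGV[1]) a[name] = $2; else b[name] = $2
            seen[name] = 1
        }
        END {
            for (n in seen)
                if (a[n] + 0 != b[n] + 0) printf "%s %d %d\n", n, a[n], b[n]
        }' "$1" "$2" | sort
}

# Constructed sample statistics (not real Snort output) to exercise step 3.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Breakdown by protocol:' '    TCP: 7000  (70.000%)' \
        '    UDP: 2900  (29.000%)' '   ICMP: 100   (1.000%)' > "$d/first.stats"
    printf '%s\n' 'Breakdown by protocol:' '    TCP: 0     (0.000%)' \
        '    UDP: 2900  (29.000%)' '   ICMP: 100   (1.000%)' > "$d/second.stats"
    compare_stats "$d/first.stats" "$d/second.stats"
    rm -rf "$d"
}
```

Because both sensors read the same pcap, a counter that differs between the two runs points at the Snort install or its configuration rather than at what each box sees on the wire.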

