Snort mailing list archives

Re: I can not see it


From: "Patrick S. Harper" <patrick () internetsecurityguru com>
Date: Thu, 5 Oct 2006 11:53:38 -0500

You will need to change the interface in your init script, then restart Snort.


-----Original Message-----
From: snort-users-bounces () lists sourceforge net
[mailto:snort-users-bounces () lists sourceforge net] On Behalf Of
Greta.Ji () sungard com
Sent: Thursday, October 05, 2006 9:37 AM
To: kisero () gmail com
Cc: Snort-users () lists sourceforge net
Subject: Re: [Snort-users] I can not see it

Esteban,
 
Thank you for answering my mail. I spent a few hours and finally fixed the problem.
When I use "tcpdump -i eth1", I can see the traffic sent from the switch.
I have another problem. Snort/BASE only captures eth0 traffic, which
I use for the monitor connection. I cannot see traffic on eth1.

How can I sniff eth1 traffic to Snort? I checked snort.conf, and I did not
find anywhere for it.
 
Thank you for all of your help,
 
--Greta
________________________________

From: Esteban Ribicic [mailto:kisero () gmail com] 
Sent: Thursday, October 05, 2006 10:12 AM
To: Ji, Greta
Cc: Snort-users () lists sourceforge net
Subject: Re: [Snort-users] I can not see it


Maybe you are confusing the NIC you must sniff; try tcpdump -i any -n (under
Linux).


On 10/3/06, Greta.Ji () sungard com <Greta.Ji () sungard com> wrote: 

        Hi,

        I am a new user on this list. I have a simple problem and hope to get
        some help. I just installed Snort 2.6 on CentOS. I followed the document
        to bring eth1 up (eth0 has an IP to connect to the internal network). But
        I cannot see any traffic on eth1 (tcpdump -i eth1). I checked the switch,
        and I can see traffic on the interface (# sh interface f0/8):

            monitor session 1 source interface Fa0/2
            monitor session 1 destination interface Fa0/8

             270471 packets output, 65224246 bytes, 0 underruns

        Am I missing anything here? Could someone help me?

        Thank you,

        --Greta

        
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
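
Added example, not part of the original thread: a shell check for the situation discussed above, where Snort captures on the management NIC (eth0) instead of the SPAN destination NIC (eth1), or where the init script was changed but Snort was not restarted. It assumes the init script takes its interface from an INTERFACE=... line in a settings file (a hypothetical layout; adjust to your own script); the function names and all sample values are constructed.

```shell
# Print the interface a snort command line captures on ("-i eth1" or "-ieth1").
# Returns 1 when the command line carries no -i option.
snort_iface_from_cmdline() {
    want_next=0
    for arg in $1; do
        if [ "$want_next" -eq 1 ]; then printf '%s\n' "$arg"; return 0; fi
        case "$arg" in
            -i)   want_next=1 ;;
            -i?*) printf '%s\n' "${arg#-i}"; return 0 ;;
        esac
    done
    return 1
}

# Print the interface set in the settings file (assumed INTERFACE=... syntax).
# The last assignment wins, as it would when a shell script sources the file.
snort_iface_from_conf() {
    sed -n 's/^[[:space:]]*INTERFACE=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# $1 = NIC that should be sniffed, $2 = settings file, $3 = snort command line.
# Returns 0 = ok, 1 = settings file is wrong, 2 = file is right but snort is stale.
check_sniff_iface() {
    expected=$1
    configured=$(snort_iface_from_conf "$2")
    running=$(snort_iface_from_cmdline "$3") || running="(no -i option)"
    if [ "$configured" != "$expected" ]; then
        echo "settings file uses '$configured', expected '$expected'"; return 1
    fi
    if [ "$running" != "$expected" ]; then
        echo "snort is running on '$running'; restart it to pick up '$expected'"; return 2
    fi
    echo "snort is capturing on $expected"
}

# Demo with constructed data: the file was edited to eth1, snort still runs on eth0.
conf=$(mktemp); printf 'INTERFACE=eth1\n' > "$conf"
check_sniff_iface eth1 "$conf" "/usr/sbin/snort -D -i eth0 -c /etc/snort/snort.conf" || true
rm -f "$conf"
```

On a live Linux host the third argument can be taken from the process table, for example "$(ps -o args= -C snort)".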

