Snort mailing list archives

Snort logs different than the stuff I see in BASE.


From: "Bruno G. San Alejo" <bgonzalez () polar es>
Date: Fri, 27 Feb 2009 13:35:37 +0100


    Hello, I'm missing something here because I have produced some
log files from snort and when I check them out with Wireshark I cannot
find some alert packets that I see in BASE.

    In detail, I see some ICMP redirect messages in the logs (through
Wireshark, they are in tcpdump format), but BASE shows just one. Also,
the MAC addresses involved are not the same (I have just one sensor),
though the IPs are. I know this because the packet saved as pcap from
BASE and opened with Wireshark has plainly wrong MAC addresses.

    I thought that some packets could get lost due to heavy load
(actually this is a live network, but I'm running snort non-promiscuous).
But the discrepancies between what BASE shows me and what snort logs
make me believe I'm doing something wrong.

    Thanks.
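
The cross-check the post describes, as an added example that is not from the original post or from the Snort/BASE projects: a small pure-Python reader for Snort's tcpdump-format (libpcap) log that lists every ICMP redirect with the source/destination MAC and IP addresses exactly as they appear on the wire, plus the gateway the redirect advertises, so the lines can be compared one by one with BASE's alert list and with the pcap BASE exports. All addresses and the embedded pcap bytes are constructed for the demo; pass a real log file as the first argument to run it against snort's own output (or against the BASE-exported pcap, to see whose MACs differ).

```python
import struct

ETH_P_IP = 0x0800          # EtherType for IPv4
IPPROTO_ICMP = 1
ICMP_ECHO_REQUEST = 8
ICMP_REDIRECT = 5

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def ip_str(b):
    return ".".join(str(x) for x in b)

def iter_pcap_packets(data):
    """Yield (ts_sec, ts_usec, frame) for each record in a libpcap buffer."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"              # written by a little-endian host
    elif magic == 0xD4C3B2A1:
        end = ">"              # written by a big-endian host
    else:
        raise ValueError("not a libpcap file")
    off = 24                   # global header is 24 bytes
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len

def parse_icmp_redirect(frame):
    """Return the addresses of an Ethernet/IPv4/ICMP redirect frame, or None."""
    if len(frame) < 14 + 20 + 8:
        return None
    dst_mac, src_mac = frame[0:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != IPPROTO_ICMP or len(ip) < ihl + 8:
        return None
    icmp = ip[ihl:]
    if icmp[0] != ICMP_REDIRECT:
        return None
    return {
        "src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac),
        "src_ip": ip_str(ip[12:16]), "dst_ip": ip_str(ip[16:20]),
        "gateway": ip_str(icmp[4:8]),   # next hop the redirect tells the host to use
    }

def list_icmp_redirects(data):
    """All ICMP redirects in a pcap buffer, in file order, with timestamps."""
    found = []
    for ts_sec, ts_usec, frame in iter_pcap_packets(data):
        rec = parse_icmp_redirect(frame)
        if rec is not None:
            rec["ts"] = ts_sec + ts_usec / 1e6
            found.append(rec)
    return found

# --- constructed sample capture (not real traffic) ---------------------------
def _csum(b):
    if len(b) % 2:
        b += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(b) // 2), b))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def build_icmp_frame(src_mac, dst_mac, src_ip, dst_ip, icmp_type, body):
    icmp = bytes([icmp_type, 0, 0, 0]) + body
    icmp = icmp[:2] + struct.pack("!H", _csum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                     IPPROTO_ICMP, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", _csum(ip)) + ip[12:]
    return dst_mac + src_mac + struct.pack("!H", ETH_P_IP) + ip + icmp

def build_pcap(frames, first_ts=1235651737):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", first_ts + i, 0, len(f), len(f)) + f
    return out

MAC_ROUTER = bytes.fromhex("001122334455")      # hypothetical addresses
MAC_HOST = bytes.fromhex("66778899aabb")
IP_ROUTER, IP_HOST = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 10])
IP_PEER, IP_GW2 = bytes([198, 51, 100, 7]), bytes([192, 0, 2, 254])
ORIG_DGRAM = bytes(28)   # stands in for the offending datagram's IP header + 8 bytes

SAMPLE_PCAP = build_pcap([
    build_icmp_frame(MAC_ROUTER, MAC_HOST, IP_ROUTER, IP_HOST, ICMP_REDIRECT, IP_GW2 + ORIG_DGRAM),
    build_icmp_frame(MAC_HOST, MAC_ROUTER, IP_HOST, IP_PEER, ICMP_ECHO_REQUEST, b"\x00\x01\x00\x01ping"),
    build_icmp_frame(MAC_ROUTER, MAC_HOST, IP_ROUTER, IP_HOST, ICMP_REDIRECT, IP_GW2 + ORIG_DGRAM),
])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for r in list_icmp_redirects(data):
        print(f"{r['ts']:.6f} {r['src_mac']} -> {r['dst_mac']}  "
              f"{r['src_ip']} -> {r['dst_ip']}  redirect to {r['gateway']}")
```

Run it once on the snort log and once on the pcap saved from BASE: if the IP columns agree but the MAC columns do not, the difference is in what BASE stored or exported rather than in what the sensor captured. The reader only handles plain Ethernet frames (linktype 1), which is what a non-promiscuous sensor on an Ethernet interface writes.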

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users