Snort mailing list archives

Re: Snort not seeing traffic

From: Pratik Narang <pratik.cse.bits () gmail com>
Date: Tue, 28 Aug 2012 09:31:52 +0530

It is in Bridged mode.

On Mon, Aug 27, 2012 at 7:26 PM, Jeremy Hoel <jthoel () gmail com> wrote:

How is the interfact between the VM gues and host setup?  Private LAN?
 NAT?  Bridged?

On Mon, Aug 27, 2012 at 6:01 AM, Pratik Narang
<pratik.cse.bits () gmail com> wrote:

I have three machines on my test bed- A, B and C. Snort runs on A.
B and C both have a VM running as well.
I am unable to understand why Snort is not seeing the traffic that is
flowing between machine B/VM on B/machine C/VM on C and the internet.

 Snort.conf clearly says-
# Setup the network addresses you are protecting
ipvar HOME_NET [172.16.x0.0/24]

# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET any

I tried doing packet captures in promiscuous mode on A. Even Wireshark
doesn't see that traffic from those machines to the internet. So it
doesn't seem to be any problem with Snort but with my settings.

What am I doing wrong?

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort not seeing traffic Pratik Narang (Aug 26)
- Re: Snort not seeing traffic Jeremy Hoel (Aug 27)
  - Re: Snort not seeing traffic Pratik Narang (Aug 27)
    - Re: Snort not seeing traffic Jeremy Hoel (Aug 28)
    - Re: Snort not seeing traffic Pratik Narang (Aug 29)
    - Re: Snort not seeing traffic Peter Bates (Aug 29)