Snort mailing list archives
Re: Problem with Snort IDS
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Sat, 12 Nov 2016 12:30:30 +0000
Hello Marcio,

Sounds like you have a network problem and not a snort related one. You need a way to divert/span the traffic TO snort interface or run snort inline so the traffic passes directly through the snort machine.

The device being in promiscuous mode doesn’t help with switched traffic (which doesn’t get copied to your snort interface). It just tells the interface to capture anything it sees.

In your case once the traffic is diverted/spanned it should work properly.

Hope this helps.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

From: Marcio Demetrio Bacci <marciobacci () gmail com>
Date: Friday, November 11, 2016 at 6:59 PM
To: 'snort-users' <snort-users () lists sourceforge net>
Subject: [Snort-users] Problem with Snort IDS

Hi,

I have installed a Snort server (virtual machine) as IDS on Ubuntu 14-04 LTS. I noticed that it only monitors the traffic directed to snort itself. When I execute ping or portscan command from a host to another server on the network, it is not registered by snort. It looks like the interface is not listening in promiscuous mode.

I am starting snort as follows:

    /usr/sbin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 -D

Anyone have any idea what is the problem?

Regards,
Márcio
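The distinction drawn in the reply (promiscuous mode versus actually receiving mirrored traffic) can be checked from a capture taken on the sensor interface. The following is an added example, not code from the thread or from Snort: it classifies Ethernet destination addresses and reports whether unicast frames between other hosts are arriving. The MAC addresses, sample frames, function names and the 0.2 ratio threshold are all constructed assumptions.

```python
from collections import Counter

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def eth(dst, src, ethertype=b"\x08\x00", payload=b"\x00" * 46):
    """Build a minimal Ethernet II frame (constructed test data)."""
    return dst + src + ethertype + payload

def classify(frame, sensor_mac):
    """Label a frame by its destination MAC as seen from the sensor."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[0:6]
    if dst == b"\xff" * 6:
        return "broadcast"
    if dst[0] & 0x01:  # I/G bit set: group (multicast) address
        return "multicast"
    if dst == sensor_mac:
        return "to_sensor"
    return "foreign_unicast"  # unicast between other hosts

def mirror_verdict(frames, sensor_mac, min_foreign_ratio=0.2):
    """Return (mirror_seen, counts). The threshold is an assumed value:
    a switch may flood a few unknown-unicast frames even without a SPAN
    port, so a handful of foreign frames is not proof of mirroring."""
    counts = Counter()
    for frame in frames:
        try:
            counts[classify(frame, sensor_mac)] += 1
        except ValueError:
            counts["malformed"] += 1
    total = sum(counts.values()) - counts["malformed"]
    ratio = counts["foreign_unicast"] / total if total else 0.0
    return ratio >= min_foreign_ratio, dict(counts)

# Constructed addresses (locally administered) and sample captures.
SENSOR, HOST_A, SERVER_B = (mac("02:00:00:00:00:10"),
                            mac("02:00:00:00:00:0a"),
                            mac("02:00:00:00:00:0b"))
BCAST, MCAST = mac("ff:ff:ff:ff:ff:ff"), mac("01:00:5e:00:00:fb")
# What a promiscuous NIC on an ordinary switch port sees.
UNMIRRORED = ([eth(SENSOR, HOST_A)] * 3 + [eth(BCAST, HOST_A)] * 2
              + [eth(MCAST, SERVER_B)])
# Same port once the switch mirrors HOST_A <-> SERVER_B traffic to it.
MIRRORED = (UNMIRRORED + [eth(SERVER_B, HOST_A)] * 4
            + [eth(HOST_A, SERVER_B)] * 4)

if __name__ == "__main__":
    print(mirror_verdict(UNMIRRORED, SENSOR))
    print(mirror_verdict(MIRRORED, SENSOR))
```

A capture that contains only `to_sensor`, `broadcast` and `multicast` frames matches the symptom in the original question: the interface is capturing, but the switch is not copying other hosts' traffic to it.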