Re: snort cannot monitor traffic

[Patrick Mullen <pmullen () sourcefire com>]

Hello!

You should direct your question to the snort-users list, but I believe the
first thing you should try is to make sure you are running snort as root
and also you need to know that if you are launching attacks at the device
running snort, unless you disabled hardware checksum offloading, snort will
ignore the traffic due to checksum errors. It is best to run snort on a
separate device, only monitoring traffic.


Thanks,

Patrick

On Mon, Oct 15, 2018, 10:20 AM main chan via Snort-sigs <
snort-sigs () lists snort org> wrote:

> Dear sir
>
> I use use one of the blade to monitor mirror the port from a ubuntu which
> install snort, but I can directly ping to nic which has monitor traffic
>
>
> Regrads
>
> Ricky Chan
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists snort org
> https://lists.snort.org/mailman/listinfo/snort-sigs
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> Please follow these rules:
> https://snort.org/faq/what-is-the-mailing-list-etiquette
>
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure
> to stay up to date to catch the most <a href="
> https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!