Home page logo
/

snort logo Snort mailing list archives

Re: Seeking promiscuity, finding only fidelity: frustration reigns ...
From: Russ Combs <rcombs () sourcefire com>
Date: Mon, 22 Apr 2013 17:30:10 -0400

Lots of possibilities.  Can you send shutdown or usr1 stats?  Checksums?
 Did you try snort -k none?

On Mon, Apr 22, 2013 at 4:51 PM, Eric Fowler <eric.fowler () gmail com> wrote:

Story of my life ...

I have a USB netcard that is in promiscuous mode - ifconfig says it is
promiscuous,and I can use Wireshark to inspect packets that are sent
between third party (i.e. not the machine wireshark /snort i s running on).
I am able to flood the network with UDP traffic of known profile. Wireshark
sees it. Snort does not.

I have written a simple rule to catch all UDP traffic. It does see some
packets but all are local.

What is going wrong?

Help a lonely nerd find satisfaction, if only for tonight ....

Eric



------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault