Snort mailing list archives
Re: I can not see it
From: Eric Hines <eric.hines () appliedwatch com>
Date: Thu, 05 Oct 2006 12:54:39 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greta,
You mentioned a switch, I sure hope you are connected to a span port on
the switch or a Tap. Otherwise, you're not going to see anything except
broadcast traffic.
Best Regards,
Eric S. Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC
- --------------------------------------------------
Eric S. Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC
- --------------------------------------------------
Email: eric.hines () appliedwatch com
Address: 1095 Pingree Road
Suite 221
Crystal Lake, IL
60014
Tel: (877) 262-7593 ext:327
Local: (847) 854-5831
Fax: (847) 854-5106
Web: http://www.appliedwatch.com
- --------------------------------------------------
Security Management for the Open Source Enterprise
Greta.Ji () sungard com wrote:
Hi,
I am a new user on this list. I have a simple problem, and hope to get a
help. I just installed Snort 2.6 on Centos. I follow the document to bring
eth1 up (eth0 has IP to connect to the Internal network). But I can not
see any traffic on eth1 (tcpdump -i eth1). I checked the switch, I can see
traffice on the interface (# sh interface f0/8):
monitor session 1 source interface Fa0/2
monitor session 1 destination interface Fa0/8
270471 packets output, 65224246 bytes, 0 underruns
Did I missing anything at here? Could some one help me?
Thank you,
--Greta
------------------------------------------------------------------------
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFJUbf1va6QYTV0EMRAtboAJ99CBdy18UaTdAjl/zqfBrUavQfkwCfY5t7 qIWPA5sGx0Gx59weLaK09L0= =TWSq -----END PGP SIGNATURE-----
Attachment:
eric.hines.vcf
Description:
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- I can not see it Greta.Ji (Oct 05)
- Re: I can not see it Eric Hines (Oct 05)
- Re: I can not see it Greta.Ji (Oct 05)
- Snort rule setting Greta.Ji (Oct 05)
- Re: Snort rule setting Eric Hines (Oct 05)
- Re: I can not see it Esteban Ribicic (Oct 18)
- Re: I can not see it Greta.Ji (Oct 05)
- Re: I can not see it Patrick S. Harper (Oct 05)
- Re: I can not see it Greta.Ji (Oct 05)
- Re: I can not see it Patrick S. Harper (Oct 05)
- Re: I can not see it Nick Oliver (Oct 18)
- Re: I can not see it Greta.Ji (Oct 05)
- Re: I can not see it Eric Hines (Oct 05)
- <Possible follow-ups>
- Re: I can not see it Michael Scheidell (Oct 06)