Snort mailing list archives

Weird snort issue


From: setests setests <setests () gmail com>
Date: Wed, 10 May 2017 14:57:46 -0400

Hi

I am running snort 2.9.9.0 on CentOS 7, as shown in [1].  I installed it
from the snort.org pre-compiled rpm package.  I am also running the PFring
stable rpm package "pfring-6.7.0-1220" on the CentOS 7 box.

I am getting traffic down a couple of SPAN links to my box.  Snort triggers
on some alerts just fine.  However snort does not trigger on all alerts
which I am expecting to see.

For example, I ran tcpdump on both the SPAN interface of the snort machine
and captured the packet when I browsed to some site, expecting the alerts to
trigger, and it did not.  Now that I have the tcpdump pcap capture, when I
played it back at the very same snort with the -r option I could see snort
showing that alert on the console.  What am I doing wrong?

[1]
snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.9.0 GRE (Build 56)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.7.4
           Using PCRE version: 8.32 2012-11-30
           Using ZLIB version: 1.2.7