[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-sigs
Subject:    Re: [Snort-sigs] snort cannot monitor traffic
From:       Patrick Mullen <pmullen () sourcefire ! com>
Date:       2018-10-16 0:56:09
Message-ID: CAMhPpEW4CwYjApqi=Md0V5FuwxbaLdZG5Lxt6aHo_wShpK0msA () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hello!

You should direct your question to the snort-users list, but I believe the
first thing you should try is to make sure you are running snort as root
and also you need to know that if you are launching attacks at the device
running snort, unless you disabled hardware checksum offloading, snort will
ignore the traffic due to checksum errors. It is best to run snort on a
separate device, only monitoring traffic.


Thanks,

Patrick

On Mon, Oct 15, 2018, 10:20 AM main chan via Snort-sigs <
snort-sigs@lists.snort.org> wrote:

> Dear sir
>
> I use use one of the blade to monitor mirror the port from a ubuntu which
> install snort, but I can directly ping to nic which has monitor traffic
>
>
> Regrads
>
> Ricky Chan
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs@lists.snort.org
> https://lists.snort.org/mailman/listinfo/snort-sigs
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> Please follow these rules:
> https://snort.org/faq/what-is-the-mailing-list-etiquette
>
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure
> to stay up to date to catch the most <a href="
> https://snort.org/downloads/#rule-downloads">emerging threats</a>!
>

[Attachment #5 (text/html)]

<div dir="auto">Hello!<div dir="auto"><br></div><div dir="auto">You should direct \
your question to the snort-users list, but I believe the first thing you should try \
is to make sure you are running snort as root and also you need to know that if you \
are launching attacks at the device running snort, unless you disabled hardware \
checksum offloading, snort will ignore the traffic due to checksum errors. It is best \
to run snort on a separate device, only monitoring traffic.  </div><div \
dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">Thanks,  </div><div \
dir="auto"><br></div><div dir="auto">Patrick  </div></div><br><div \
class="gmail_quote"><div dir="ltr">On Mon, Oct 15, 2018, 10:20 AM main chan via \
Snort-sigs &lt;<a href="mailto:snort-sigs@lists.snort.org">snort-sigs@lists.snort.org</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Dear \
sir<div><br></div><div>I use use one of the blade to monitor mirror the port from a \
ubuntu which install snort, but I can directly ping to nic which has monitor \
traffic</div><div><br></div><div><br></div><div>Regrads</div><div><br></div><div>Ricky \
Chan</div></div> _______________________________________________<br>
Snort-sigs mailing list<br>
<a href="mailto:Snort-sigs@lists.snort.org" target="_blank" \
rel="noreferrer">Snort-sigs@lists.snort.org</a><br> <a \
href="https://lists.snort.org/mailman/listinfo/snort-sigs" rel="noreferrer \
noreferrer" target="_blank">https://lists.snort.org/mailman/listinfo/snort-sigs</a><br>
 <br>
Please visit <a href="http://blog.snort.org" rel="noreferrer noreferrer" \
target="_blank">http://blog.snort.org</a> for the latest news about Snort!<br> <br>
Please follow these rules: <a \
href="https://snort.org/faq/what-is-the-mailing-list-etiquette" rel="noreferrer \
noreferrer" target="_blank">https://snort.org/faq/what-is-the-mailing-list-etiquette</a><br>
 <br>
Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up \
to date to catch the most &lt;a href=&quot; <a \
href="https://snort.org/downloads/#rule-downloads" rel="noreferrer noreferrer" \
target="_blank">https://snort.org/downloads/#rule-downloads</a>&quot;&gt;emerging \
threats&lt;/a&gt;!<br> </blockquote></div>



_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.snort.org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up \
to date to catch the most <a href=" \
https://snort.org/downloads/#rule-downloads">emerging threats</a>!



[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic