
Author [Snort-users] snort and pflog
Zeus N/A

2004-09-28, 3:00 am

I'm kinda new to snort, and trying to get it running on my OpenBSD 3.5
firewall, but it's not working right. If I read the documentation right, I
should be able to have snort listen on pflog0 and just capture and watch the
traffic that's rejected by my firewall, which is handy because snort isn't
then logging all the ARP traffic that shows up on the line.

When I start snort with

    snort -i pflog0

nothing happens, and after Ctrl-C I get this:

Snort analyzed 105 out of 105 packets, dropping 0(0.000%) packets

Breakdown by protocol:                Action Stats:
    TCP: 0          (0.000%)          ALERTS: 0
    UDP: 0          (0.000%)          LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 0          (0.000%)
  EAPOL: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 105        (100.000%)
DISCARD: 0          (0.000%)

But if I use tcpdump I get to see all the packets and it works just fine.

I saw some posting in the archive of someone having the same problem back in
June, I think, but I couldn't find an answer to his posting that solves the
problem. I'd appreciate any type of help with this.
Thanks
