Question
I have a problem with Snort. I've just installed the program on an R-Pi. 2 other computers on the same network can ping the R-Pi with success.
However, I had the idea that Snort was able to be run in promiscuous mode, meaning that it can see all traffic in a local network without needing to run it inline in the network. When I try to ping the other two computers in the same network, Snort does not pick this up.
Changes I have tried:
Ruleset set to -
alert icmp any any -> any any
Config file set to -
ipvar HOME_NET 192.168.43.0/32 (<this is my home network range)
Answer 1:
Does Snort start up correctly? If the whole rule is given in the question, then perhaps the SID for it was not indicated.
You can try:
alert tcp any any -> any any (msg: "Just a test alert"; sid:1000001;)
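A pre-flight check for the two settings visible in this thread, the rule's `sid` option that Answer 1 points to and the `HOME_NET` mask from the question. This is an added example, not code from the thread: the function names are hypothetical, the two host addresses are constructed, and the `/24` comparison is an assumption about the asker's network.

```python
import ipaddress
import re

# Snort 2 rule header: action proto src_ip src_port direction dst_ip dst_port,
# optionally followed by a parenthesised option block.
HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*(?:\((?P<opts>.*)\))?\s*$"
)

def lint_rule(rule):
    """Return a list of problems found in one Snort rule line."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        return ["header is not 'action proto src sport -> dst dport'"]
    opts = m.group("opts")
    if opts is None:
        return ["no option block, so no sid"]
    # Options are 'keyword:value;' pairs. Simplification: a ';' escaped
    # inside a quoted msg is not handled by this split.
    keys = [o.split(":", 1)[0].strip() for o in opts.split(";") if o.strip()]
    return [] if "sid" in keys else ["option block has no sid"]

def hosts_outside(home_net, hosts):
    """Return the hosts that the HOME_NET CIDR does not cover."""
    net = ipaddress.ip_network(home_net, strict=False)
    return [h for h in hosts if ipaddress.ip_address(h) not in net]

if __name__ == "__main__":
    # Rules as posted in the question and in Answer 1.
    for rule in (
        "alert icmp any any -> any any",
        'alert tcp any any -> any any (msg: "Just a test alert"; sid:1000001;)',
    ):
        print(rule, "->", lint_rule(rule) or "ok")

    # Constructed addresses standing in for the two other computers.
    peers = ["192.168.43.10", "192.168.43.20"]
    # /32 is the value from the question; /24 is an assumed comparison.
    for cidr in ("192.168.43.0/32", "192.168.43.0/24"):
        print(cidr, "does not cover:", hosts_outside(cidr, peers))
```

A `/32` prefix matches exactly one address, so the check reports both constructed peers as outside the posted `HOME_NET`.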
Answer 2:
If you're using a virtual machine, make sure that your network configuration is set up as a bridged adapter and promiscuous mode is enabled in your virtual machine with Snort.
I'm using VirtualBox and this is what it looks like:
Source: https://stackoverflow.com/questions/59950060/snort-not-detecting-pings-with-other-devices