Snort not detecting Pings with other devices

☆樱花仙子☆ submitted on 2021-01-28 09:40:57

Question


I have a problem with Snort; I've just installed the program on an R-Pi. 2 other computers on the same network can ping the R-Pi with success.

However, I had the idea that Snort was able to be run in promiscuous mode, meaning that it can see all traffic in a local network... without needing to run it inline in the network. When I try to ping the other two computers in the same network, Snort does not pick this up.

Changes I have tried....

Ruleset set to -

alert icmp any any -> any any 

Config file set to -

ipvar HOME_NET 192.168.43.0/32 (<this is my home network range)

Answer 1:


Does Snort start up correctly? If the whole rule is given in the question, then perhaps the SID for it was not indicated.

You can try:

alert tcp any any -> any any (msg: "Just a test alert"; sid:1000001;)
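
A small lint for the point raised in Answer 1, added here as an example and not part of the original thread: it parses Snort 2 style rule lines and reports a missing options section or sid, and optionally a protocol that does not match the traffic being tested. The function names and `CONSTRUCTED_RULE` are hypothetical; the other two rules are the ones posted on this page.

```python
import re

# Snort 2 rule header: action proto src sport direction dst dport (options)
HEADER = re.compile(
    r"^\s*(\w+)\s+(?P<proto>\w+)\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s*(?P<rest>.*)$"
)

def split_options(body):
    """Split an options body on semicolons that sit outside double quotes."""
    opts, cur, quoted, escaped = [], "", False, False
    for ch in body:
        if ch == '"' and not escaped:
            quoted = not quoted
        if ch == ";" and not quoted and not escaped:
            opts.append(cur.strip())
            cur = ""
        else:
            cur += ch
        escaped = (ch == "\\" and not escaped)
    return [o for o in opts + [cur.strip()] if o]

def lint_rule(line, expect_proto=None):
    """List findings for one rule line; an empty list means nothing was flagged."""
    m = HEADER.match(line)
    if not m:
        return ["header is not 'action proto src sport -> dst dport'"]
    problems = []
    if expect_proto and m.group("proto").lower() != expect_proto:
        problems.append(f"protocol is {m.group('proto')}, not {expect_proto}")
    rest = m.group("rest").strip()
    if not (rest.startswith("(") and rest.endswith(")")):
        return problems + ["no (options) section, so no sid"]
    pairs = (o.partition(":") for o in split_options(rest[1:-1]))
    opts = {k.strip(): v.strip() for k, _, v in pairs}
    sid = opts.get("sid")
    if sid is None:
        problems.append("missing sid")
    elif not sid.isdigit():
        problems.append("sid is not a number")
    elif int(sid) < 1000000:
        # Convention from the Snort manual: local rules use sids >= 1000000.
        problems.append("sid below 1000000 is reserved for distributed rules")
    return problems

# Rules as posted on this page, plus one constructed ICMP rule with a local sid.
QUESTION_RULE = "alert icmp any any -> any any"
ANSWER_RULE = 'alert tcp any any -> any any (msg: "Just a test alert"; sid:1000001;)'
CONSTRUCTED_RULE = 'alert icmp any any -> any any (msg:"ICMP seen"; sid:1000002; rev:1;)'
```

Calling `lint_rule(rule, expect_proto="icmp")` on each line of a local rules file before starting Snort shows which rules would be flagged for a ping test.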



Answer 2:


If you're using a virtual machine, make sure that your network configuration is set up as a bridged adapter and promiscuous mode is enabled in your virtual machine with Snort.

I'm using VirtualBox and this is what it looks like:



Source: https://stackoverflow.com/questions/59950060/snort-not-detecting-pings-with-other-devices
