Alright, this is completely pissing me off now, I hope someone knows
what is going on.
I have two boxes, one running 4.0 freebsd, and other running 4.3
freebsd. Both were installed with iso images.
I installed snort on the 4.0 box, and start it up with snort -v and
packets start scrolling. After hitting cntrl-v it stops and gives me
the breakdown by protocol, and arp/icmp/udp/tcp are listed.
I installed snort on the 4.3 box, and start it up with snort -v and
packets start scrolling (slowly). After hitting cntrl-v it stops and
gives me the breakdown by protocol, BUT there are no tcp packets
listed.
Both machines are connected to the same hub, and I have swapped the
ports back and forth just to see what happens, same thing.
I reinstalled the 4.3 with a standard install, minimal, and custom
installs, and they all do the same thing.
Now I ran snort -v, and then on the other box, I pulled up the
webserver on the 4.3 box, and clicked around on the web pages. I then
cntrl-c on the 4.3 box, and snort now shows a few tcp packets.
SO, it is getting tcp traffic, and I can ping/traceroute/ftp, etc from
the machine just fine, and the webserver is publishing pages just
fine, and php is working, etc. However, when I run snort in sniffer mode,
there is no tcp traffic unless it's directed to the machine.
I tried tcpdump too just to see if snort might have been bugged, and
all it shows is udp/arp/icmp packets, and no tcp packets, unless I
contact the machine through telnet or http....
Anyone know why tcp packets are not showing from other destinations?
I'm so frustrated I am about to put freebsd 4.0 on it, and go...but
wanted to have the latest.
Thanks,
Derek