Reputation: 11
Snort not detecting Pings with other devices
I have a problem with Snort, I've just installed the program on a R-Pi. 2 other computers on the same network can ping the R-Pi with success.
However I had the idea that snort was able to be run in Promiscuous mode meaning that it can see all traffic in a local network... without needing to run it inline in the network. When i try ping the other two computers in the same network Snort does not pick this up.
Changes i have tried....
Ruleset set to -
alert icmp any any -> any any
Config file set to -
ipvar HOME_NET 192.168.43.0/32 (<this is my home network range)
Upvotes: 1
Views: 3476
Answers (3)
Reputation: 1
In the VirtualBox, after setting promiscuous mode you may need to reboot your virtual machine.
Upvotes: 0
Reputation: 81
If you're using a virtual machine, make sure that your network configuration is setup as bridged adapter and promiscuous mode is enabled in your virtual machine with snort.
I'm using virtual box and this is how it looks like:
Upvotes: 2
Reputation: 1
Does Snort start up correctly? If the whole rule is given in the question, then perhaps the SID for it was not indicated.
You can try:
alert tcp any any -> any any (msg: "Just a test alert"; sid:1000001;)
Upvotes: 0
Related Questions
- How to monitor packets using Snort features?
- Snort rule failing to alert to log
- Snort Rules Configuration Issue
- snort ips rule - reject work but drop and sdrop dont work
- What is the best way to enable different rules for different subnets in Snort?
- Snort not showing blocked/dropped packets
- Snort: Reporting packet numbers
- Rule for capturing SYN-scanning
- Issue on Snort rules to track IRC servers activities
- Snort rule doesn't generate alerts when hosts responding simultaneously