[Oisf-users] Suricata doesn't alert
Amar
amar at countersnipe.com
Mon Sep 23 06:10:49 UTC 2019
Hi Frank
It's probably to do with your switch configuration. You will have to plug Suricata into a SPAN/mirror port and make sure you SPAN all other traffic to that port.
Alternatively, if your network is small, you could find yourself an old hub!
Amar Rathore
www.countersnipe.com
> On Sep 23, 2019 at 11:03 AM, Tuấn Ngọc Trần Lê <tranletuanngoc at gmail.com> wrote:
>
> Hello,
> I wrote a rule for Suricata to detect ICMP connections and have it loaded.
>
> alert icmp $HOME_NET any -> $HOME_NET any (msg:"ICMP connection attempt"; sid:1000002; rev:1;)
>
> It works fine when I try to ping from a computer in the network (A) to the one running Suricata (B).
>
> However, when I ping from (A) to another computer (C), (B) doesn't detect and alert.
>
> (A), (B) and (C) are connected to a switch.
>
> Please help me.
>
> Thank you,
>
> Ngoc Tran (Frank)
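The diagnosis above rests on one question: does the Suricata sensor's interface actually see packets that are neither sent to nor from the sensor host? On a plain switch port it will not, and no rule can alert on traffic that never reaches the NIC. The following is an added example, not code from this thread or from the Suricata project, that classifies packets from constructed `tcpdump -nn -i <iface>` style output into "involves the sensor" versus "third-party" traffic; if the third-party count is zero after a ping between two other hosts, the port is not being mirrored. The sample capture lines and the local address set are constructed assumptions.

```python
import re

# Constructed sample in the shape of `tcpdump -nn -i <iface>` output (not a real capture).
# Hosts: A = 192.168.1.10, B (sensor) = 192.168.1.20, C = 192.168.1.30.
SAMPLE_CAPTURE = """\
IP 192.168.1.10 > 192.168.1.20: ICMP echo request, id 1, seq 1, length 64
IP 192.168.1.20 > 192.168.1.10: ICMP echo reply, id 1, seq 1, length 64
IP 192.168.1.10 > 192.168.1.30: ICMP echo request, id 2, seq 1, length 64
IP 192.168.1.30 > 192.168.1.10: ICMP echo reply, id 2, seq 1, length 64
ARP, Request who-has 192.168.1.30 tell 192.168.1.10, length 28
IP 192.168.1.10.53422 > 192.168.1.20.22: Flags [S], seq 1, win 64240, length 0
"""

# Matches "IP <src>[.<port>] > <dst>[.<port>]:" and captures the two IPv4 addresses.
LINE_RE = re.compile(
    r"^IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)


def parse_ip_pairs(capture_text):
    """Return (src, dst) tuples for every IPv4 line; non-IP lines (ARP etc.) are skipped."""
    pairs = []
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def visibility_report(pairs, local_ips):
    """Count packets that involve the sensor host versus packets between other hosts.

    local_ips: the sensor's own IPv4 addresses (assumption: what `ip addr` would show).
    A mirrored/SPAN port or a hub yields third_party > 0; a plain switch port yields 0.
    """
    local = third_party = 0
    for src, dst in pairs:
        if src in local_ips or dst in local_ips:
            local += 1
        else:
            third_party += 1
    return {
        "local": local,
        "third_party": third_party,
        "mirrored": third_party > 0,
    }


if __name__ == "__main__":
    pairs = parse_ip_pairs(SAMPLE_CAPTURE)
    # Sensor B on a mirrored port: sees the A <-> C ping as third-party traffic.
    print("sensor B:", visibility_report(pairs, {"192.168.1.20"}))
    # Same capture judged from host A's point of view: every packet involves A,
    # which is what a sensor on an unmirrored switch port would report.
    print("host A  :", visibility_report(pairs, {"192.168.1.10"}))
```

Run the real check by piping `tcpdump -nn -i <iface>` output into `parse_ip_pairs` while pinging from A to C; a report with `"third_party": 0` means the switch is not forwarding that conversation to the sensor port, so the rule in the original message has nothing to match.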