Snort FAQ

I'm not receiving alerts in Snort

I’m not receiving alerts in Snort

  • You running Snort on the same box as you are sending/receiving packets.
    • This is most likely the result of a checksum offloading issue. Try adding -k none to your Snort command line and see if it works.
  • You are attempting to simply test Snort by downloading an executable file of some sort, and aren’t receiving an alert
    • Make sure you have rules that look for portable executable downloads turned on like SID 1:16425. Also, see above and add -k none to your command line to see if your NIC is offloading checksums.