BooX
just joined
Topic Author
Posts: 14
Joined: Sat Oct 31, 2015 6:13 pm

No WAN packets with packet sniffer

Tue Jun 06, 2017 7:48 pm

Hi

I've just started working with Suricata but I'm having problems getting the WAN packets to the Suricata server....

When running the trafr tool on the server that the packet sniffer is streaming at, I see a lot of LAN traffic but no WAN traffic.
The same goes for Suricata, it sees the LAN traffic but not the WAN.

I have no idea where to look for what's causing the WAN packets not to be sniffed/streamed. Any suggestions on what to do?

Thank you in advance.

BooX
 
mlpaul
just joined
Posts: 13
Joined: Thu Apr 20, 2017 11:02 pm
Location: Ohio, United States

Re: No WAN packets with packet sniffer

Tue Jun 06, 2017 8:02 pm

I am assuming you are using the same guide from tomfisk (viewtopic.php?f=2&t=111727), but in his guide he provided a link to http://robert.penz.name/849/howto-setup ... ta-as-ids/ which is what I followed, and I am getting WAN traffic. Is this the guide you followed?
 
BooX
just joined
Topic Author
Posts: 14
Joined: Sat Oct 31, 2015 6:13 pm

Re: No WAN packets with packet sniffer

Tue Jun 06, 2017 8:12 pm

Hi

Thank you for replying.

Yes, this is the guide I'm following, and the Suricata part seems to work perfectly....
If I ping one of the servers in the "suspicious ip list" from a terminal on the Ubuntu server running Suricata, the warnings pop up in the fast.log, but if I do the same from another machine on the LAN I don't see anything.

And looking at the packets that trafr outputs to the screen, it's all LAN packets.

I'm running a dual WAN setup on the MikroTik but I don't really see that this could affect the function of the sniffer?

BooX
 
pingpong1428
just joined
Posts: 4
Joined: Tue May 04, 2021 11:00 pm

Re: No WAN packets with packet sniffer

Tue May 11, 2021 7:19 pm

Hey, I'm having the same issue, can't seem to receive traffic from WAN.

Does anyone have an update on this?

Thanks
 
pingpong1428
just joined
Posts: 4
Joined: Tue May 04, 2021 11:00 pm

Re: No WAN packets with packet sniffer

Wed May 12, 2021 1:45 am

Every time I try to run the command I always receive this error.

root@suricata:/etc/suricata# trafr -s | suricata -c /etc/suricata/suricata.yaml -r -
11/5/2021 -- 19:40:38 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - ERROR: Pcap file
