I have installed Snort on an Ubuntu server and used BASE and the GUI interface. I used IP firewall CALEA and the packet sniffer tool to send the traffic to my Snort server.
When I run the command ./trafr -s | snort -r - and cp trafr /usr/local/bin/ everything seems OK, but in the BASE interface I only see UDP and ICMP traffic, despite 50% of my traffic being TCP, and all the UDP and ICMP is coming from 1 single source and another dest IP. Simply put, I saw 2 IPs for all the traffic, but in the console I see all the real IP addresses.
What could cause this?
Thanks for reading.