Suricata Listening

Hello All,

I would like to know how Suricata can listen on the network, because I implemented the solution on a Linux machine, configured the home network and the interface to listen on, forwarded the logs to an ELK SIEM, and I started to see the communication between all the machines in the home network.

I’m really confused because I did not configure port mirroring …

Thanks in advance.

Hi! What kind of traffic are you seeing? Are you sure it’s not just traffic between your Suricata box and other machines on your network? You should also see ARP packets and multicast DNS, among other things.

I can see all the traffic between different machines on the network, not just between the Suricata box and other machines.

I can see DNS traffic, but I can’t see ARP packets.

And the IP of the Suricata box is not 192.168.200.37? I can only see one host in the logs.

The IP address of the Suricata box is 192.168.200.14.

I can see all the hosts in the logs.

Well, something is sending those packets to your Suricata box. This is not something that Suricata can do by itself. Are you connected to some ancient hub?
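A check for the question raised in this thread, whether the logged flows really are unicast between two other hosts or only involve the sensor itself or broadcast/multicast, as an added example that is not from the thread or the Suricata project: it reads eve.json flow records (constructed sample lines here; the sensor address 192.168.200.14 is the one given above) and tallies unicast flows between third-party hosts, which a switch would not deliver to the sensor port without mirroring, a hub, or similar.

```python
import json
from collections import Counter

# Constructed sample eve.json lines (not real logs from the thread).
SAMPLE_EVE_LINES = [
    '{"event_type":"flow","src_ip":"192.168.200.14","dest_ip":"192.168.200.1","proto":"UDP","dest_port":53}',
    '{"event_type":"flow","src_ip":"192.168.200.37","dest_ip":"192.168.200.50","proto":"TCP","dest_port":445}',
    '{"event_type":"flow","src_ip":"192.168.200.50","dest_ip":"224.0.0.251","proto":"UDP","dest_port":5353}',
    '{"event_type":"alert","src_ip":"192.168.200.37","dest_ip":"192.168.200.14"}',
    '{"event_type":"flow","src_ip":"192.168.200.37","dest_ip":"192.168.200.50","proto":"TCP","dest_port":22}',
]


def is_broadcast_or_multicast(ip):
    """Limited broadcast, a /24-style .255 broadcast, or an IPv4 multicast group (224.0.0.0/4)."""
    first_octet = int(ip.split(".")[0])
    return ip.endswith(".255") or 224 <= first_octet <= 239


def classify_flows(lines, sensor_ip):
    """Count eve.json flow events by what the sensor could legitimately see.

    'sensor'      - the sensor is one endpoint (always visible)
    'bcast_mcast' - broadcast/multicast destination (a switch floods these)
    'third_party' - unicast between two other hosts (needs mirroring, a hub, etc.)
    Returns (category counts, per-pair counts for third-party flows).
    """
    counts = Counter()
    third_party_pairs = Counter()
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or malformed lines
        if event.get("event_type") != "flow":
            continue
        src, dst = event.get("src_ip"), event.get("dest_ip")
        if not src or not dst:
            continue
        if sensor_ip in (src, dst):
            counts["sensor"] += 1
        elif is_broadcast_or_multicast(dst):
            counts["bcast_mcast"] += 1
        else:
            counts["third_party"] += 1
            third_party_pairs[(src, dst)] += 1
    return counts, third_party_pairs
```

To run it against a live sensor, pass the lines of /var/log/suricata/eve.json (the default eve output path) instead of SAMPLE_EVE_LINES; a non-zero third_party count with no mirroring configured is the situation this thread describes.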