Hi,
I have enabled promiscuous mode on my interface and set “disable-promisc” to “no” in suricata.yml.
However, I am only able to see the network connections to and from the host and not the whole subnet.
Any help would be appreciated.
Thanks
Hi,
How does the machine running Suricata get network traffic?
Can you see the network traffic if you run tcpdump on the interface where the traffic is expected.
same here
tcpdump -i wlan0 show all traffic passing interface but Suricata only able to see the network connections to and from the host
thanks in advance
Hi,
Sorry you’re having issues. Can you post information about
- Suricata version
- Suricata configuration
- NIC and packet acquisition mode
- Network topology
- System information (Ubuntu, Windows, FreeBSD, …)