Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
0
Helpful
3
Replies

45000 1 [synsent] sto 5000 syn Not rcvd!

mkunhi
Level 1
Level 1

‎07-13-2002 10:00 PM - edited ‎03-08-2019 11:32 PM

I am trying to add my sensor to director and getting the erro no sesnor responding at Host ID: 30 Org ID 100 warning.

Sensor version 2.5(0)S0 CSPM 2.3.0

When I use nrconns it is giving the following error

45000 1 [synsent] sto 5000 syn Not rcvd!

nrstatus

Only four services are running Packetd is missing from there

I check all the configuration like host ID and Orgainsation ID everything seems to be O.K.

Any help will be highly apprciated

Thanks

Labels:
0 Helpful
3 Replies 3

yusuff
Cisco Employee
Cisco Employee

‎07-14-2002 03:05 AM

if packetd is not running, check the if you have configured the correct sniffing interface eg; spwr0 or iprb0 (depending on the sensor model)

on sensor, login as netrangr and run following command;

grep NameOfPacketDevice /usr/nr/etc/packetd.conf

you should receive something as follows;

NameOfPacketDevice /dev/spwr0

(spwr0 is your sensing interface, make sure on the director you configure accordingly.)

http://www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/tr1925.htm#xtocid162254

Also, check to see if the interface is actually seeing network traffic.

You can manually put the sniffing interface into promiscuous mode to see if the interface is seeing network traffic. On the Sensor, run the snoop utility as user root (see below). The snoop command syntax is snoop -d name_of_interface (without /dev). You should see network traffic being displayed. Use ctrl-c to break out of snoop.

netrangr@sensor:/usr/nr

>su -

Password:

Sun Microsystems Inc. SunOS 5.6 Generic August 1997

# snoop -d spwr0

Using device /dev/spwr (promiscuous mode)

10.1.10.1 -> 224.0.0.10 IP D=224.0.0.10 S=10.1.10.1 LEN=60, ID=0

? -> (multicast) ETHER Type=0020 (LLC/802.3), size = 320 bytes

? -> * ETHER Type=9000 (Loopback), size = 60 bytes

10.1.10.1 -> 224.0.0.10 IP D=224.0.0.10 S=10.1.10.1 LEN=60, ID=0

^C

If you don't see any network traffic, then check your connections and cabling and if SPAN is configured correctly on the switch.

HTH

R/Yusuf

0 Helpful

mkunhi
Level 1
Level 1
In response to yusuff

‎07-14-2002 08:01 PM

Thanks for your reply. But Actually I am not able to add the sensor to the CSPM.it is always giving the error "No sensor responding at Host ID :30 Org ID 100 Host ID warning.

Sensor and Director is connected through a hub (Out of Band network) and I am able to reach the sensor from the director machine .

All the configuration seems to be O.K

Director sensor

HostName:cspm1 Host Name:ids

IP: 172.16.0.10 IP: 172.16.0.30

Host ID : 10 Host ID:30

Org ID:100 OrgID:100

Org Name:adwea OrgName:adwea

0 Helpful

yusuff
Cisco Employee
Cisco Employee
In response to mkunhi

‎07-15-2002 12:00 AM

What you are saying is that the CSPM is not letting you add the sensor with Host ID 30 and Org ID 100, probably this means that you have another sensor configured already or you had it before and it has not removed successfully. I suggest either you reset the CSPM or do a fresh install and try again.

R/Yusuf

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents