Ubuntu – Security Onion Networking issue

I have been using Security Onion for a while now. It is a very good OS for analysis and getting IDS alerts on the go without installing expensive hardware. But recently, due to some updates, I have been facing some issues with internet connections.

I am not sure what the Network-Manager updates do, but while installing Security Onion, if you select “Install Updates while Downloading”, for some reason network-manager shows attitude and the internet connection just gets lost after setting up the management and monitoring interfaces.

I have searched a lot on the forums and found multiple ideas. This worked to get the internet started:

“sudo service network-manager restart” and also deleting interface details from /etc/network/interfaces.

This did start the internet, but somehow monitoring on the interfaces doesn’t work.

Also, I realised that the machine gets slower for some reason, regardless of whether it is a VM or has Security Onion as the host operating system.

Then I tried not selecting the updates during installation and locked the version of Network-Manager from Synaptic Package Manager. Then I updated the system and rebooted.

The internet was working. I checked Sguil, but there were no alerts for testmyids.com. tcpdump does show traffic.

I did a reboot and voilà... all working properly. I can see alerts on Snorby and Sguil.
