[Snort-users] Snort & tcpdump

Guillaume guillaume at ...1168...
Fri Mar 9 12:53:10 EST 2001


Hi !

I installed some snort boxes on switched networks.
As I checked why I was not able to see all the traffic, I noticed that
tcpdump seems to "see" much more traffic than snort does, using it as a
packet sniffer, I mean without any rule (something like snort -v net
172.10.0...).
With snort I just capture traffic going through and coming from the
switches (Alteon), when I see more stuff with tcpdump.
So I am now wondering if I do not miss a lot with my snort boxes (all
began because I was wondering why I did not capture portscan activities
since end of February...).

If anybody or someone (:-)) has an explanation...

Best regards.

Guillaume.




