[Snort-users] Snort & tcpdump
guillaume at ...1168...
Fri Mar 9 12:53:10 EST 2001
I installed some snort boxes on switched networks.
As I checked why I was not able to see all the traffic, I notided that
tcpdump seems to "see" much more traffic than snort does, using it as a
packet sniffer, I mean without any rule (something like snort -v net
With snort I just capture traffic going through and coming from the
switches (Alteon), when I see more stuff with tcpdump.
So I am now wondering if I do not miss a lot with my snort boxes (all
began because I was wondering why I did not captured portscan activities
since end of February...).
If anybody or someone (:-)) has an explanation...
More information about the Snort-users