[Snort-users] Also new to Snort
erek at ...577...
Fri Nov 9 11:32:03 EST 2001
On Fri, 9 Nov 2001, Geoff Hirschi wrote:
> I am very new to Snort. To compound my trouble, Snort is the first
> sniffer software I have ever tried to work with.
No, that's a good thing. Now you understand/see the good before you deal with
> Primarily we are looking for a something that will give us real time
> indication of how our bandwidth is being used on our subnet. In the
> documentation on the website and in the readme I saw several refrences to
> using Snort as a bandwidth monitor, but I was not able to find any
> instructions on how to use it that way. I am perfectly willing and able
> to RTFM - but I cant seem to find the refrence in the FM that I need.
> Can someone please point me to the starting point? In case it matters, I
> am running the WindersNT version of Snort.
Ugh... Windows <bleh>... Sorry, I'm a Unix Bigot. ;-) The programs I'm
going to refer to are usually for *nix, not for Windows*. You might be able
to get them to run, if there isn't already a port, by using cyrus utilities
pack for Windows*. ( I can't recall the URL... )
But what you really want isn't snort. You really want something like MTRG
(http://www.mrtg.org), or one of it's 'children': cricket, orca, or RRDtool.
These products can actually get the data from the router and plot it onto a
pretty webpage for the pointy hair types. Gives you good ammo to upgrade your
pipe when needxed! If you are trying to break it down by protocol, have a
look at ntop (http://www.ntop.org). Be warned, some older versions had a
remote security hole...
Hope this helps!
More information about the Snort-users