[Snort-users] Also new to Snort

Erek Adams erek at ...577...
Fri Nov 9 11:32:03 EST 2001

On Fri, 9 Nov 2001, Geoff Hirschi wrote:

> I am very new to Snort.  To compound my trouble, Snort is the first
> sniffer software I have ever tried to work with.

No, that's a good thing.  Now you understand/see the good before you deal with
the bad.

> Primarily we are looking for something that will give us real time
> indication of how our bandwidth is being used on our subnet.  In the
> documentation on the website and in the readme I saw several references to
> using Snort as a bandwidth monitor, but I was not able to find any
> instructions on how to use it that way.  I am perfectly willing and able
> to RTFM - but I can't seem to find the reference in the FM that I need.
> Can someone please point me to the starting point?  In case it matters, I
> am running the WindersNT version of Snort.

Ugh...  Windows <bleh>...  Sorry, I'm a Unix Bigot. ;-)  The programs I'm
going to refer to are usually for *nix, not for Windows*.  You might be able
to get them to run, if there isn't already a port, by using cyrus utilities
pack for Windows*.  ( I can't recall the URL... )

But what you really want isn't snort.  You really want something like MRTG
(http://www.mrtg.org), or one of its 'children':  cricket, orca, or RRDtool.
These products can actually get the data from the router and plot it onto a
pretty webpage for the pointy hair types.  Gives you good ammo to upgrade your
pipe when needed!  If you are trying to break it down by protocol, have a
look at ntop (http://www.ntop.org).  Be warned, some older versions had a
remote security hole...

Hope this helps!

Erek Adams

