[Snort-users] Re: What can Snort listen for (again)? (steven)
joe at ...3851...
Mon Oct 22 12:44:06 EDT 2001
If the hosts in question are plugged into the same hub as the snort sensor you're good to go.
If you are running on a switch you have to create a mirror port for snort (so it can see the traffic
on the other ports). On a switched network you will see nothing but the snort hosts own traffic (netbios,
ICMP etc) and broadcast junk unless you do this.
Date: Tue, 23 Oct 2001 02:21:02 +0800
From: steven <steven at ...2419...>
To: snort-users <snort-users at lists.sourceforge.net>
Subject: [Snort-users] What can Snort listen for (again)?
Sorry, I'v post a letter minutes ago, but I found the ascii chart was
My question is, can I capture any traffic in the LAN which is not target
to or send from the host which is running the snort? If possible, how
Thanks in advance.
home page: http://steven4u.net
tel: +86 760 8320102
rfc-822: steven at ...2419...
If money could talk, it would say - goodbye
From: "james" <the_saint_james at ...131...>
To: <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] What can Snort listen for (again)?
Date: Mon, 22 Oct 2001 13:06:25 -0600
If you are using a hub, the hub repeats all traffic sent to it on all ports.
This is the normal operation of a hub. So Snort can sniff all traffic on the
hub if it is on any host attached to the hub.
jamesh at ...3784...
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
Phone support 365 days till 10 pm via the Santa Fe office:
505-988-9200 or Toll Free: 888-988-2700
Snort-users mailing list
Snort-users at lists.sourceforge.net
End of Snort-users Digest
More information about the Snort-users