[Snort-users] Re: What can Snort listen for (again)? (steven)

Joe Pampel joe at ...3851...
Mon Oct 22 12:44:06 EDT 2001

If the hosts in question are plugged into the same hub as the snort sensor you're good to go.
If you are running on a switch you have to create a mirror port for snort (so it can see the traffic
on the other ports). On a switched network you will see nothing but the snort hosts own traffic (netbios,
ICMP etc)  and broadcast junk unless you do this. 


>>Message: 5
Date: Tue, 23 Oct 2001 02:21:02 +0800
From: steven <steven at ...2419...>
To: snort-users <snort-users at lists.sourceforge.net>
Subject: [Snort-users] What can Snort listen for (again)?


Sorry, I'v post a letter minutes ago, but I found the ascii chart was
messed up.

My question is, can I capture any traffic in the LAN which is not target
to or send from the host which is running the snort? If possible, how

Thanks in advance.

home page: http://steven4u.net 
tel:       +86 760 8320102
rfc-822:   steven at ...2419... 

       (o o)
If money could talk, it would say - goodbye


Message: 6
From: "james" <the_saint_james at ...131...>
To: <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] What can Snort listen for (again)?
Date: Mon, 22 Oct 2001 13:06:25 -0600

If you are using a hub, the hub repeats all traffic sent to it on all ports.
This is the normal operation of a hub. So Snort can sniff all traffic on the
hub if it is on any host attached to the hub.

James Edwards
jamesh at ...3784... 
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
Phone support 365 days till 10 pm via the Santa Fe office:
505-988-9200 or Toll Free: 888-988-2700


Snort-users mailing list
Snort-users at lists.sourceforge.net 

End of Snort-users Digest

More information about the Snort-users mailing list