[Snort-users] Snort for Broadcast Detection counts only

Tim Olson Tim at ...7663...
Wed Dec 4 05:43:25 EST 2002


I'd like to set up snort to detect broadcasts only and then
have a way to tabulate the sources to see where most of them are
coming from.   I've trimmed down my .rules section to the snort.conf
file, and created rules to detect broadcasts.   Anyone else ever
set snort up to do this?  If so, maybe give me some tips as to
getting a good display of the tabulation.  So far I've only used
Snortsnarf and never dabbled in ACID or any other add-ons.
Give me some suggestions and I'll try them out.

Ultimately I'm just trying to discover the cause of excessive
broadcasts on our network.  Our Cisco switches see maybe 10,000
in 5 minutes.


More information about the Snort-users mailing list