[Snort-users] How to place Snort machine on the network ?

skadhi skadhi at ...4497...
Tue Jan 8 08:53:13 EST 2002


On Tue, 2002-01-08 at 12:49, Syed Tariq Mustafa wrote:
> Hi All,
> 
> I am new to the Snort stuff. But I have managed to install and test it. Its
> working fine as far as running it is concerned. I set the eth0 LAN
> connection to PROMISCIUS mode, which is then supposed to capture all network
> traffic.
> 
> But it is not happening so if you use " snort -v " to display the traffic on
> your screen.
> 
> All I could see is the broadcast traffic. Say a packet from 192.168.0.10 to
> 192.168.0.255 but machine to machine communication isn't just appearing !!!
> 
> I am connected to the network using a Cisco 2912 switch and have set one of
> its port to Monitoring Port. Now I am not sure if it is properly set as
> monitoring port or not ... !!!
> 
> Can someone tell me what is the cause of this problem.
well if you see only the broadcast traffic & you have that 2912 switch
then the switch is likely to be misconfigured. To confirm this, turn off
snort & launch tcpdump then send some traffic from one host to another
(without involving the snort box of course). 

HTH

-- 
/Saad Kadhi --  [skadhi at ...4497...] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well





More information about the Snort-users mailing list