[Snort-users] How to place Snort machine on the network ?
gherlein at ...3379...
Tue Jan 8 13:55:05 EST 2002
> then the switch is likely to be misconfigured. To confirm this, turn off
> snort & launch tcpdump then send some traffic from one host to another
> (without involving the snort box of course).
Or just start snort in capture mode -
:) I found snort initially because it was a much more readable
packet sniffer than tcpdump format. I got hooked on it's IDS
capabilities, but still use it for capture all the time... though
tethereal is nifty for it's higher layer analysis capabilites.
More information about the Snort-users