[Snort-users] How to place Snort machine on the network ?
bsdguy at ...4401...
Tue Jan 8 22:25:02 EST 2002
On Tue, 2002-01-08 at 22:54, Greg Herlein wrote:
> > then the switch is likely to be misconfigured. To confirm this, turn off
> > snort & launch tcpdump then send some traffic from one host to another
> > (without involving the snort box of course).
> Or just start snort in capture mode -
> snort -avd
> :) I found snort initially because it was a much more readable
> packet sniffer than tcpdump format. I got hooked on it's IDS
> capabilities, but still use it for capture all the time... though
> tethereal is nifty for it's higher layer analysis capabilites.
right but since the guy believes that snort might have sth to do with
the pb I advised him to use a completely different piece of software to
1. his switch is configured correctly
2. snort has nothing to do with his pb (if he can't sniff with tcpdump
then the switch is probably misconfigured ;)
/Saad -- [bsdguy at ...4401...]
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well
More information about the Snort-users