[Snort-users] How to place Snort machine on the network ?

Saad Kadhi bsdguy at ...4401...
Tue Jan 8 22:25:02 EST 2002


On Tue, 2002-01-08 at 22:54, Greg Herlein wrote:
> > then the switch is likely to be misconfigured. To confirm this, turn off
> > snort & launch tcpdump then send some traffic from one host to another
> > (without involving the snort box of course). 
> 
> Or just start snort in capture mode - 
> 
> 	snort -avd
> 
> :)  I found snort initially because it was a much more readable
> packet sniffer than tcpdump format.  I got hooked on its IDS
> capabilities, but still use it for capture all the time... though
> tethereal is nifty for its higher layer analysis capabilities.

Right, but since the guy believes that snort might have something to do
with the problem, I advised him to use a completely different piece of
software to make sure:
1. his switch is configured correctly
2. snort has nothing to do with his problem (if he can't sniff with
tcpdump then the switch is probably misconfigured ;)

cheers.

-- 
/Saad --  [bsdguy at ...4401...] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well
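
The check described in this message, as an added example that is not part of the original post: a Python sketch that reads a classic pcap capture (such as one written with `tcpdump -w`) taken on the sniffer while two other hosts exchange traffic, and counts the unicast frames that neither come from nor go to the sniffer. The MAC addresses, helper names and sample captures are constructed for the example, and an Ethernet link type is assumed.

```python
import struct

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_pcap(frames):
    """Build a classic little-endian pcap, link type 1 (Ethernet), for the demo."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def read_frames(data):
    """Yield raw Ethernet frames from classic pcap bytes (either byte order)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def third_party_unicast(data, sniffer_mac):
    """Count unicast frames neither sent by nor addressed to the sniffer."""
    count = 0
    for frame in read_frames(data):
        if len(frame) < 14:
            continue                      # truncated, no full Ethernet header
        dst, src = frame[0:6], frame[6:12]
        if dst[0] & 1:
            continue                      # broadcast/multicast reaches every port
        if sniffer_mac not in (dst, src):
            count += 1
    return count

# Constructed sample data: MAC addresses and frames are made up for the example.
SNIFFER, HOST_A, HOST_B = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:0a"), mac("02:00:00:00:00:0b")
PAD = bytes(46)
BCAST = b"\xff" * 6 + HOST_A + b"\x08\x06" + PAD
A_TO_B = HOST_B + HOST_A + b"\x08\x00" + PAD
B_TO_A = HOST_A + HOST_B + b"\x08\x00" + PAD
A_TO_SNIFFER = SNIFFER + HOST_A + b"\x08\x00" + PAD
MIRRORED = build_pcap([BCAST, A_TO_B, B_TO_A, A_TO_SNIFFER])
NOT_MIRRORED = build_pcap([BCAST, A_TO_SNIFFER])

if __name__ == "__main__":
    print("mirrored:", third_party_unicast(MIRRORED, SNIFFER))
    print("not mirrored:", third_party_unicast(NOT_MIRRORED, SNIFFER))
```

A count of zero while the two hosts are known to be talking points at the switch configuration rather than at Snort.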




