[Snort-users] Snort deployment on a switch environment...
edwin1118 at ...125...
Mon Jan 28 19:54:02 EST 2002
I have deployed my snort box in our switch as i need to monitor the
traffic passing thru our router which is of course connected on the same
switch (i enable "port monitoring").
I use the default snort rules and didn't change any to test if i can
sniff or logs the incoming and outgoing packets passing on that router. My
HOME_NET and EXTERNAL_NET point to any any as initial testing.
So far, i can see different ip's logged under my /var/log/snort
directory when i ran it in a packet logger mode (./snort -dv -l) but when i
ran it under NIDS mode "./snort -b -A fast -c snort.conf", i couldn't see
any alert logs and portscan logs when i did a simulation test using nmap.
I wanted to use my snort box as NIDS in my network. Any suggestion to
test my snort box in a switching environment? Did i deploy my snort box
Grateful for your response.
Join the world�s largest e-mail service with MSN Hotmail.
More information about the Snort-users