[Snort-users] Snort deployment on a switch environment...

Edwin Pua edwin1118 at ...125...
Mon Jan 28 19:54:02 EST 2002


Hi Sandro,

     I have deployed my snort box on our switch, as I need to monitor the 
traffic passing through our router, which is of course connected to the same 
switch (I enabled "port monitoring").
     I use the default snort rules and didn't change any, to test whether I can 
sniff or log the incoming and outgoing packets passing through that router. My 
HOME_NET and EXTERNAL_NET point to any any for initial testing.
     So far, I can see different IPs logged under my /var/log/snort 
directory when I run it in packet logger mode (./snort -dv -l), but when I 
run it in NIDS mode, "./snort -b -A fast -c snort.conf", I can't see 
any alert logs or portscan logs when I do a simulation test using nmap.
     I want to use my snort box as a NIDS in my network. Any suggestions on how to 
test my snort box in a switched environment? Did I deploy my snort box 
correctly?
     Grateful for your response.

rgds,
Edwin