[Snort-users] detecting a sniff application

Rob Hughes rob at ...1932...
Wed Jul 10 05:15:08 EDT 2002


On Tue, 2002-07-09 at 15:24, McCammon, Keith wrote:
> Read the FAQ...
> 
> http://www.snort.org/docs/faq.html#1.8
> 
> -----Original Message-----
> From: emil (needguide.com) [mailto:security at ...6275...]
> Sent: Tuesday, July 09, 2002 4:15 PM
> To: 'Wissam Halawani'; snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] detecting a sniff application
> 
> 
> I was about to ask this question. Thanks Wissam.
> How will I be able to detect network intrusion in switch network?
>  
> Thanks.

You'll either need to plug the switch and the snort box into a hub in
order to detect traffic entering and leaving that segment, or plug the
snort box into a monitor (mirror, whatever your vendor calls it) port on
the switch to detect all traffic on that switch. 

-- 
Remember: the only difference between
being the champ and the chump is u.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 210 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020710/37a37c4f/attachment.sig>


More information about the Snort-users mailing list