[Snort-users] I need help with network address setup

Steve Jacobsen steve at ...6480...
Tue Jul 30 06:49:03 EDT 2002


Here's the basic setup.

Internet -- Router -- Hub -- Firewall -- Switch -- Internal hosts
                       |
                     Snort

I have the snort machine plugged into the hub inbetween the router and
firewall. I'm just assuming that my configuration file or command line
is wrong.

Here is my command line C:\Snort\snort.exe -c "C:\Snort\snort.conf" -l
"C:\Snort\log" -A full -h xxx.xxx.xxx.64/27 -i 1 -a -d



/steve 

-----Original Message-----
From: Scott Nursten [mailto:scottn at ...4526...] 
Sent: Tuesday, July 30, 2002 8:41 AM
To: Steve Jacobsen; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] I need help with network address setup


Hey Steve, 

Could you tell us a little more about your config. If, for instance,
your network is using 3com switches and you have your sensor plugged
into the switch with no taps / span configs you won't be receiving
traffic for the network on the sensor. :)

Now, the above is (of course) purely hypothetical (and I'm sure this
isn't the case), but without an idea of the physical layout (whether the
IDS is inline or SPAN'd etc) and anything else pertinent to dumping
traffic on the segment(s), we (well certainly I) can't be of much use.


Kind Regards, 

-- 
Scott Nursten
--------------------------
S2S Limited
T: 01444 232 742
F: 01444 232 061
M: 07786 864 976
W: http://s2s.ltd.uk
E: scottn at ...4526...
--------------------------






More information about the Snort-users mailing list