[Snort-users] As a newbie, two questions

McCammon, Keith Keith.McCammon at ...3497...
Fri May 3 09:17:04 EDT 2002


If you're on a hub, then you should get a copy of all traffic by default.  However, it never hurts to test your promiscuous (monitoring) interface to ensure that it is operating properly.  Perhaps try initializing snort from the command line in sniffer mode (snort -v) to ensure that you're actually capturing packets destined for other hosts on the segment.

-----Original Message-----
From: Emanuele Salvador [mailto:lele at ...5772...]
Sent: Friday, May 03, 2002 12:02 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] As a newbie, two questions



On Venerdì, maggio 3, 2002, at 05:32 , McCammon, Keith wrote:

> 2) your sensor is properly placed on a monitoring port on your switch,


What exactly should I check? I think the var $HOME_NET, set to any, is 
right. And I'm testing the machines on a hub, not a switch since I read 
that there may arise problems (and i still have to read manuals to see if 
my switch supports mirroring).

Thanks,
Emanuele



_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth at ...382...
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users




More information about the Snort-users mailing list