[Snort-users] Enable Snort To Detect NIDS
erek at ...950...
Wed Jan 8 09:01:09 EST 2003
On Wed, 8 Jan 2003, Pathmenanthan Ramakrishna wrote:
> im using snort version 1.9.when i start the snortd deamon it enables the
> snort and captures data that direct to the server.
> how to enable the snort to capture the entire LAN traffic? currently
> when i perform an attack to the host(where snort running)i can see
> values at the ACID Console.
> what if when the snort is running,i want it to detect other host
> activities as well.
> how do i do that?
If you are on a switch, setup 'port mirroring' or if a Cisco switch a
'SPAN port'. If on a hub, make sure it's not 'autosensing 10/100' and
just a 'dumb hub' (FAQ 6.21 ). Otherwise, use a pair of 'ethernet
Check out the docs under 'IDS Deployment Guides' . It's really amazing
what you can find if you look.
Oh, and take a penalty drink. ;-)
"When things get wierd, the wierd turn pro." H.S. Thompson
More information about the Snort-users