[Snort-users] Enable Snort To Detect NIDS

Benjamin Wall ben at ...7924...
Thu Jan 9 10:40:28 EST 2003


What kind of network do you have?  If you are talking about a hub-ed
network then it is easy.  Switched is not so easy. 

If you are on a hub-ed network then you have to put the network card
into "promiscuous" mode.  In Linux this is done by using the command 
#> ifconfig eth0 promisc 
to turn this off 
#> ifconfig eth0 -promisc 

you should see a "PROMISC" in the output from 

On Wed, 2003-01-08 at 04:21, Pathmenanthan Ramakrishna wrote: 
> hi,
> 
> im using snort version 1.9.when i start the snortd deamon it enables the snort and captures data that direct to the server.
> 
> how to enable the snort to capture the entire LAN traffic?
> currently when i perform an attack to the host(where snort running)i can see values at the ACID Console.
> 
> what if when the snort is running,i want it to detect other host activities as well.
> 
> how do i do that?
> 
> can anyone help me
> 
> thanks 
> 
> Nanthan
> 
> 
> _____________________________________________________________
> Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year.
> http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus
> 
> 
> -------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
> http://www.vasoftware.com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list