[Snort-users] Promiscious mode + Win2k
erek at ...950...
Fri Jun 13 06:03:14 EDT 2003
On Fri, 13 Jun 2003, [iso-8859-1] darniot benjamin wrote:
> I want to use Snort (or windump...) as a Packet logger under Win2k. I
> have installed Winpcap 3.0 to capture IP trafic. My computer belongs to
> a small local network (192.168.1.0/24) connected by a hub. When i start
> Snort or another packet logger, i see only broadcast or trafic to my
> computer. I don't understand why my network's card are not in
> promiscious mode. However, Winpcap seems to be correctly installed. I
> want to see all the local network's trafic (it's a Hub so it should
> work??). If someone got an idea.
It may not be a hub as you expect. If it's an "auto-sensing 10/100mb"
hub, then it's not going to work (most likely). Those 'hubs' are actually
_two_ hubs (10 and 100mb) that are bridged together. If you plug a 10mb
connection, you can "see" only 10mb traffic. If it's 100mb you can only
see 100mb traffic.
Check the FAQ. :)
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users