[Snort-users] Promiscuous mode + Win2k

Erek Adams erek at ...950...
Fri Jun 13 06:03:14 EDT 2003


On Fri, 13 Jun 2003, darniot benjamin wrote:

> I want to use Snort (or windump...) as a Packet logger under Win2k. I
> have installed Winpcap 3.0 to capture IP traffic. My computer belongs to
> a small local network (192.168.1.0/24) connected by a hub.  When I start
> Snort or another packet logger, I see only broadcast or traffic to my
> computer. I don't understand why my network's card is not in
> promiscuous mode. However, Winpcap seems to be correctly installed.  I
> want to see all the local network's traffic (it's a Hub so it should
> work??). If someone got an idea.

It may not be a hub as you expect.  If it's an "auto-sensing 10/100mb"
hub, then it's not going to work (most likely).  Those 'hubs' are actually
_two_ hubs (10 and 100mb) that are bridged together.  If you plug a 10mb
connection, you can "see" only 10mb traffic.  If it's 100mb you can only
see 100mb traffic.

Check the FAQ.  :)

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




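One way to check the symptom discussed in this thread, as an added example that is not part of the original messages: classify the destination MACs in a saved capture and see whether any unicast frames addressed to other hosts arrived. It assumes a classic libpcap file with Ethernet link type; the function names and all MAC addresses are constructed for illustration.

```python
import struct

def classify_frames(pcap_bytes, local_mac):
    """Count Ethernet frames in a classic pcap capture by destination type."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"          # file written little-endian
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"          # file written big-endian
    else:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("capture is not Ethernet (linktype 1)")
    counts = {"broadcast": 0, "multicast": 0, "to_me": 0, "to_others": 0}
    offset = 24               # skip the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 6:
            continue          # truncated record, no full destination MAC
        dst = frame[:6]
        if dst == b"\xff" * 6:
            counts["broadcast"] += 1
        elif dst[0] & 1:      # group bit set: multicast
            counts["multicast"] += 1
        elif dst == local_mac:
            counts["to_me"] += 1
        else:                 # unicast for another host: only visible on shared media
            counts["to_others"] += 1
    return counts

def sees_other_hosts(counts):
    """True if the capture contains unicast frames not addressed to this host."""
    return counts["to_others"] > 0

def build_sample_capture(dst_macs):
    """Constructed test data: a minimal pcap with one 14-byte frame per MAC."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for dst in dst_macs:
        frame = dst + b"\x02\x00\x00\x00\x00\x09" + b"\x08\x00"
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

ME, OTHER = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
BCAST, MCAST = b"\xff" * 6, bytes.fromhex("01005e000001")
if __name__ == "__main__":
    print(classify_frames(build_sample_capture([BCAST, ME, OTHER, OTHER]), ME))
```

A capture with `to_others` at zero while other hosts are known to be talking matches the symptom in the question: the interface is only being handed broadcast, multicast and its own unicast traffic.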