[Snort-users] wireless router with 4 port switch

Matt Kettler mkettler at ...4108...
Wed Nov 19 16:10:05 EST 2003

At 06:04 PM 11/18/2003, Fred McFeeters wrote:
>i have a wireless router with 4 port switch. i would like to set snort up 
>so that it can monitor the switch traffic and also the wireless. so i 
>could see if some one was attacking my wireless. can it be done?

It's impossible to monitor switch traffic on a cheapo 4-port switch, 
without using something like macof to beat it into behaving like a hub.

Sorry, but the very nature of what a switch is prevents monitoring the 
switch by the normal snort methods. All snort will see is traffic going out 
the switch port that your snort box is connected to, and some broadcast arp 
traffic.. it will not see anything else.

As for the wireless, that's out of my realm, but you've got other problems 
to deal with first, such as understanding what a switch is and how a 
sniffer works in the first place.

