[Snort-users] wireless router with 4 port switch

twig les twigles at ...131...
Wed Nov 19 17:00:14 EST 2003

--- Matt Kettler <mkettler at ...4108...> wrote:
> At 06:04 PM 11/18/2003, Fred McFeeters wrote:
> >I have a wireless router with 4 port switch. I would like to set
> >Snort up so that it can monitor the switch traffic and also the
> >wireless. So I could see if someone was attacking my wireless. Can
> >it be done?
>
> It's impossible to monitor switch traffic on a cheapo 4-port switch,
> without using something like macof to beat it into behaving like a
> hub.
>
> Sorry, but the very nature of what a switch is prevents monitoring
> the switch by the normal Snort methods. All Snort will see is traffic
> going out the switch port that your Snort box is connected to, and
> some broadcast ARP traffic. It will not see anything else.
>
> As for the wireless, that's out of my realm, but you've got other
> problems to deal with first, such as understanding what a switch is
> and how a sniffer works in the first place.

But all is not lost.  I have a little Netgear thingy (Cisco box
gave out after a decade) and I sniff quite nicely by
daisy-chaining a switch to it.  A hub would work too.  You just
won't get any traffic from boxes that are plugged directly into
the wireless router/switch, but that's a pretty easy problem to
get around (don't plug stuff into it).

