[Snort-users] capturing intrusion to all networks

Sean Lazar slazar at ...9944...
Wed Sep 17 20:20:15 EDT 2003


Are you on a switched network? A switch doesn't pass traffic to all ports.
You can use a hub or if your switch is manageable use port mirroring. Also
check your snort.conf file and see what EXTERNAL_NET is set to. Depending on
the location of the sensor, you may want to set it to any.

Sean

----- Original Message ----- 
From: "toor nimda" <rsc at ...10097...>
To: <snort-users at lists.sourceforge.net>
Sent: Wednesday, September 17, 2003 7:59 PM
Subject: [Snort-users] capturing intrusion to all networks


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi.
>
> I have installed snort 2.0.1 on redhat 9.0. How can I capture all
> intrusion on all networks x.x.x.x/19. What I can see only is the
> intrusion on the local machine where I installed snort. Any help pls :)
>
> tia
> ruds




