[Snort-users] Snort in VMware

Jeff jcoppock1 at ...5068...
Wed Feb 18 16:54:01 EST 2004


M. Morgan, 2004-Feb-18 14:49 -0500:
> 
>     You need to have snort plugged into a "spanned" or "mirrored" port for it
>    to see all of the traffic on that hub/switch/router. You should be able to
>    use "tcpdump" in Red Hat to get a look at the real time traffic on your
>    eth card.

Actually, you would need a mirrored port on a switch since switches
bridge between ports, and a router since routers either bridge or
route between ports.  But, mirroring is not done on hubs since hubs
repeat all traffic to every port.

Just a minor knitpick clarification...jc

-- 
Jeff Coppock		Systems Engineer
Diggin' Debian		Admin and User




More information about the Snort-users mailing list