[Snort-users] Snort in VMware
jcoppock1 at ...5068...
Wed Feb 18 16:54:01 EST 2004
M. Morgan, 2004-Feb-18 14:49 -0500:
> You need to have snort plugged into a "spanned" or "mirrored" port for it
> to see all of the traffic on that hub/switch/router. You should be able to
> use "tcpdump" in Red Hat to get a look at the real time traffic on your
> eth card.
Actually, you would need a mirrored port on a switch since switches
bridge between ports, and a router since routers either bridge or
route between ports. But, mirroring is not done on hubs since hubs
repeat all traffic to every port.
Just a minor knitpick clarification...jc
Jeff Coppock Systems Engineer
Diggin' Debian Admin and User
More information about the Snort-users