[Snort-users] Sensor location

César Sanabria cesanpin at ...11827...
Fri Nov 19 10:42:13 EST 2004


Hi, i'm having troubles detecting traffic, my network is more or less:

	      DMZ	
	       |	                        |------- LAN 1 	(segment 191.168.1.x)
INTERNET ---- GW --(1)---GW-- |-------- LAN 2 (segment 191.168.2.x)
		  segement X           |		.
			                        |  		.
			                        |------- LAN N (segment 191.168.n.x)

I put my sensor on (1) a segment x (192.x.x.x) and i would like to
catch all traffic from every LAN (segment), but i'm not logging all
alerts, i mean, suppously i'm on the fist segment and i ping a server
on the DMZ i can't see the traffic neither in sniffer mode, so the
question is:

Why i'm not logging alerts from other segments that aren't in the same
segment where i put my sensor?.. What can i do to log alerts?




More information about the Snort-users mailing list