[Snort-users] Issue with Wireless Monitoring
paulk33243 at ...11827...
Thu Apr 1 13:09:49 EDT 2010
Anyone have a good, recent link or article on completely setting up Snort
for a wireless network?
Here is my issue:
- Using wlan0 (Atheros card) on a laptop and Snort starts just fine on the
system, so no issues there.
- Created a simple rule to look for nocase "google" - works like a champ on
the local system.
- Above rule does not work to monitor other traffic on the same WAP as the
- snort -v -d -i wlan0 will see the full packet captures from the other
systems, including the full request to google and displays the google packet
- However, no alerts are generated from the above connection to google on a
- Can create a rule looking for traffic to/from another system's IP address
and snort will capture and alert on traffic to/from the system.
So basically, 'snort -v -d -i wlan0' will see all traffic from all systems
on the WAP, a rule looking for traffic to/from a system on the WAP will
trigger; however, Snort will not alert on content from other systems on the
Am I missing something really trivial here, or is there a trick to getting
wireless monitoring going?