[Snort-users] Snort not seeing traffic

Peter Bates peter.bates at ...15381...
Wed Aug 29 07:09:29 EDT 2012


Hello all

On 29/08/2012 10:24, Pratik Narang wrote:
> On Tue, Aug 28, 2012 at 8:25 PM, Jeremy Hoel <jthoel at ...11827...>
> wrote:
>> All 4 devices are plugged into the same switch and you are 
>> spanning/monitoring the right port on the switch?
> 
> "right port"?? not clear to me...

You should have a port for your outbound connection and you should be
spanning or tapping (in other words copying) that port and traffic.

> If I am not wrong, the simple mistake is that I am connected via a 
> switch, and so, all the network traffic is not visible at my 
> interface.

Yes - either switch to a 10/100 Hub (assuming your network connection
is no faster) so you will see all the traffic or look at some of Doug
Burke's suggestions here:
http://code.google.com/p/security-onion/wiki/Hardware

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
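
The check implied by the advice above, as an added example that is not part of the original post: on a plain switch port the sensor only receives broadcast, multicast and its own unicast frames, while a span port, tap or hub also delivers unicast between other hosts. All MAC addresses, the sample frames and the `min_share` threshold are constructed assumptions for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("bad MAC address: " + text)
    return raw

def eth(dst, src, ethertype=0x0800):
    """Build a minimal constructed Ethernet II frame (zero-filled payload)."""
    return dst + src + struct.pack("!H", ethertype) + b"\x00" * 46

def classify(frame, sensor_mac):
    """Label a frame by who it is addressed to, relative to the sensor NIC."""
    if len(frame) < 14:
        return "runt"
    dst, src = frame[:6], frame[6:12]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:  # group bit set in first octet: multicast
        return "multicast"
    if sensor_mac in (dst, src):
        return "own"
    return "foreign_unicast"  # unicast between two other hosts

def visibility(frames, sensor_mac, min_share=0.05):
    """Return (counts, looks_mirrored).

    A switch floods unicast to unknown destinations, so a stray foreign
    frame proves nothing; require a share of the capture (assumed 5%).
    """
    counts = Counter(classify(f, sensor_mac) for f in frames)
    total = sum(counts.values())
    share = counts["foreign_unicast"] / total if total else 0.0
    return counts, share >= min_share

# Constructed sample captures (locally administered MACs, not real hosts).
SENSOR, HOST_A = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:0a")
HOST_B, GW = mac("02:00:00:00:00:0b"), mac("02:00:00:00:00:fe")
UNMIRRORED = [eth(BROADCAST, HOST_A, 0x0806), eth(SENSOR, GW), eth(GW, SENSOR),
              eth(mac("01:00:5e:00:00:fb"), HOST_B)]
MIRRORED = UNMIRRORED + [eth(GW, HOST_A), eth(HOST_A, GW), eth(GW, HOST_B)]

if __name__ == "__main__":
    for name, cap in (("plain switch port", UNMIRRORED), ("span/tap", MIRRORED)):
        print(name, dict(visibility(cap, SENSOR)[0]), visibility(cap, SENSOR)[1])
```
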