[Snort-users] PCAP and Snort for Windows

Joel Esler jesler at ...1935...
Tue Mar 12 17:47:05 EDT 2013


On Mar 12, 2013, at 5:25 PM, Jim Turner <JTurner at ...16132...> wrote:

> Can someone explain how PCAP works with Snort for Windows?  If I am running Snort and have PCAP installed, do I still need to mirror the port on my network switch?  Will PCAP monitor all network traffic without port mirroring or installing a second NIC?
>  
> I am new to setting up Snort, IDS, or using tools like this.

I'd suggest a thorough read of the Snort Manual, published for your convenience here: http://manual.snort.org, here: http://www.snort.org/docs and included with the Snort download in the docs/ directory.

This question and many others can be found through a simple Google search:

http://lmgtfy.com/?q=port+mirroring+switch+snort&l=1

We are more than willing to help you, but you have to help yourself as well.  If you are a consultant in the industry, you have to be able to solve these problems not only for yourself, but for your customers.  I'm not trying to insult you, or your intelligence, but I believe in empowering others to solve their problems just as much as empowering others to help others solve their problems.


--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130312/521f5ad2/attachment.html>


More information about the Snort-users mailing list