[Snort-users] [Manual] How to Make Asus RT-N15U Wireless Router (Tomato by Shibby Fimware) Mirror Traffic to Snort

Teo En Ming teo.en.ming at ...11827...
Mon Apr 7 14:13:55 EDT 2014


Updated the manual to version 1.1.

Teo En Ming


On Mon, Apr 7, 2014 at 7:38 PM, Teo En Ming <teo.en.ming at ...11827...> wrote:

> Dear Snort Team @ Sourcefire,
>
> As some of the information on the http://www.snort.org/docs page
> pertaining to how to make home routers mirror traffic to Snort is outdated,
> could you publish this manual on the http://www.snort.org/docs page as
> well.
>
> Please note that the latest dd-wrt v24-SP2 and OpenWRT 12.09 firmwares NO
> LONGER support mirroring traffic to Snort as they are based on the Linux
> kernel 3.x. The kernel module ipt_ROUTE.ko is *incompatible* with Linux
> kernel 3.x. The ipt_ROUTE source code is only compatible with the Linux
> kernel 2.6.x.
>
> Please use Tomato by Shibby firmwares if you seriously want to mirror
> traffic to Snort. Please visit his website at http://tomato.groov.pl/ Why
> do you want to use Tomato by Shibby firmwares if you want to contemplate
> mirroring traffic to Snort? Because Tomato by Shibby firmwares are based on
> the Linux kernel 2.6.x. The latest is not always the greatest.
>
> After failing to mirror traffic to Snort with the latest dd-wrt and
> OpenWRT firmwares on my Buffalo WZR-HP-G300NH2 router, I have FINALLY
> successfully mirrored traffic to Snort using Tomato by Shibby firmware on
> my Asus RT-N15U router.
>
> I have wasted a few days and SGD$109 on the Buffalo WZR-HP-G300NH2
> wireless router in attempting to mirror traffic to Snort. I have wasted a
> lot of time on the dd-wrt and OpenWRT firmwares. Please DO NOT use the
> *latest* dd-wrt and OpenWRT firmwares if you seriously want to use home
> routers to mirror traffic to Snort.
>
> I hope I have saved potential Snort users' (who want to use home routers
> to mirror traffic to Snort) time and money by providing valuable advice
> here.
>
> Please refer to the attached PDF file in this email for the manual which I
> have just written.
>
> Lastly, and the most important of all, please help me generate some alerts
> for my Snort IDS virtual machine. My Snort IDS is installed in a virtual
> machine running on Oracle VM VirtualBox. My websites are
> http://www.teo-en-ming.com and http://www.zhang-enming.com
>
> I want to see some alerts appearing on my Snort box, just to make sure my
> Snort NIDS is fully operational.
>
> Yours sincerely,
>
> Teo En Ming
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140408/9f59ce40/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: How to Make Asus RT-N15U Wireless Router (Tomato by Shibby	Fimware) Mirror Traffic to Snort - Version 1.1.pdf
Type: application/pdf
Size: 77946 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140408/9f59ce40/attachment.pdf>


More information about the Snort-users mailing list