[Snort-users] [Manual] How to Make Asus RT-N15U Wireless Router (Tomato by Shibby Firmware) Mirror Traffic to Snort

Teo En Ming teo.en.ming at ...11827...
Mon Apr 7 18:16:10 EDT 2014

Dear Joel Esler,

Could you publish my manual on http://www.snort.org/docs ?

Thank you very much.


Teo En Ming

On Tue, Apr 8, 2014 at 2:13 AM, Teo En Ming <teo.en.ming at ...11827...> wrote:

> Updated the manual to version 1.1.
> Teo En Ming
> On Mon, Apr 7, 2014 at 7:38 PM, Teo En Ming <teo.en.ming at ...11827...> wrote:
>> Dear Snort Team @ Sourcefire,
>> As some of the information on the http://www.snort.org/docs page
>> pertaining to how to make home routers mirror traffic to Snort is outdated,
>> could you publish this manual on the http://www.snort.org/docs page as
>> well?
>> Please note that the latest dd-wrt v24-SP2 and OpenWRT 12.09 firmwares NO
>> LONGER support mirroring traffic to Snort as they are based on the Linux
>> kernel 3.x. The kernel module ipt_ROUTE.ko is *incompatible* with Linux
>> kernel 3.x. The ipt_ROUTE source code is only compatible with the Linux
>> kernel 2.6.x.
>> Please use Tomato by Shibby firmwares if you seriously want to mirror
>> traffic to Snort. Please visit his website at http://tomato.groov.pl/
>> Why do you want to use Tomato by Shibby firmwares if you want to
>> contemplate mirroring traffic to Snort? Because Tomato by Shibby firmwares
>> are based on the Linux kernel 2.6.x. The latest is not always the greatest.
>> After failing to mirror traffic to Snort with the latest dd-wrt and
>> OpenWRT firmwares on my Buffalo WZR-HP-G300NH2 router, I have FINALLY
>> successfully mirrored traffic to Snort using Tomato by Shibby firmware on
>> my Asus RT-N15U router.
>> I have wasted a few days and SGD$109 on the Buffalo WZR-HP-G300NH2
>> wireless router in attempting to mirror traffic to Snort. I have wasted a
>> lot of time on the dd-wrt and OpenWRT firmwares. Please DO NOT use the
>> *latest* dd-wrt and OpenWRT firmwares if you seriously want to use home
>> routers to mirror traffic to Snort.
>> I hope I have saved potential Snort users' (who want to use home routers
>> to mirror traffic to Snort) time and money by providing valuable advice
>> here.
>> Please refer to the attached PDF file in this email for the manual which
>> I have just written.
>> Lastly, and the most important of all, please help me generate some
>> alerts for my Snort IDS virtual machine. My Snort IDS is installed in a
>> virtual machine running on Oracle VM VirtualBox. My websites are
>> http://www.teo-en-ming.com and http://www.zhang-enming.com
>> I want to see some alerts appearing on my Snort box, just to make sure my
>> Snort NIDS is fully operational.
>> Yours sincerely,
>> Teo En Ming