[Snort-users] snort lan sniff

Al Lewis (allewi) allewi at ...589...
Mon Feb 16 14:57:24 EST 2015

Hello Bruno,

	You will need to span the traffic to your sniffing interface. If your box is connected to a switch the switch wont forward traffic to your nic by default (only broadcast traffic). 

Or.. you could connect all of your boxes to a hub (not recommended :-) )...

Hope this helps!

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046 
Phone: (office) 443.430.7112
Email: allewi at ...589... 

-----Original Message-----
From: Dario Bruno [mailto:dario.bruno at ...2470...] 
Sent: Monday, February 16, 2015 2:39 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] snort lan sniff

Hello everybody,
I'm using Snort on Ubuntu 14.04
All works fine when I sniff traffic on my nic (eth0) but I would like to sniff packets on the lan (i.e. http to the router inside interface).
I tried putting my nic in promiscuous mode but I still just able to sniff the traffic only to/from my interface (eth0).
Thank you for your help
Best regards
Dario Bruno
PGP key: 0x8D83F768


Il presente messaggio ha contenuto confidenziale, e la sua lettura, allegati compresi, e' riservata esclusivamente ai destinatari previsti.
Nel caso riteniate di non essere uno dei destinatari previsti, siete pregati di distruggere il messaggio e di informarne il mittente.

This message contains confidential information, and it is intended to be read, attachments included, only by intended recipients.
If you believe not to be one of the intended recipients, please destroy the message and inform the sender.


Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

More information about the Snort-users mailing list