[Snort-users] Setting up simple LAN-sniffing for bad signatures?
miche1 at ...741...
Fri Jan 2 16:18:48 EST 2015
Dear Snort Users: I'm trying to figure out how to set up Snort on my
Opensuse 13.1x64 system to sniff (and log) instances of "bad" network
traffic (via snort signature database). It seems tricky to get this
going. There are websites which gave me enough information to get the
sniffer operational, but I can't seem to figure out how to get to read a
database of bad signatures, and log only those bad ones. Does anyone
have a simple DIY for this? I'm not trying to set up an alarm or
automatic response system. Just to have a logfile available to look at
from time to time, or maybe diff occasionally.
Also, is it necessary to run snort in a virtual machine as a "sandbox,"
or else to have two NICs, one for normal LAN traffic and the other for
Thank You Very Much,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users