Snort mailing list archives

Re: External snort monitoring

From: "Security @ Monster-Solutions.Net" <security () monster-solutions net>
Date: Wed, 8 Aug 2001 13:22:54 -0400

yeah it is autosensing. I have forced the external nic that is plugged into
the hub into 10MB to match the other connections on the hub.

----- Original Message -----
From: "Erek Adams" <erek () theadamsfamily net>
To: "Larry E. Smith Jr." <lsmithjr () monster-solutions net>
Cc: "Snort List (E-mail)" <snort-users () lists sourceforge net>
Sent: Wednesday, August 08, 2001 1:16 PM
Subject: Re: [Snort-users] External snort monitoring

On Wed, 8 Aug 2001, Larry E. Smith Jr. wrote:

I have my cable modem hooked into a Linksys 5 port hub and I also have a
snort sensor configured on the hub to catch all traffic coming to my
network. from the 5 port hub it connects into a Linksys router which is
where my server is located. my question is why can i catch traffic on my
internal snort sensor connected to the Linksys router, but all I can see
are ARP requests on the external snort sensor which is connected to the
hub? anyone have any ideas?


If I'm going to _guess_, I'd say that you're using a 10/100mb auto sensing
hub.  Many of those little dudes will segregate traffic from 10mb from

100mb.

Almost like two hubs in the same box.  It's getting harder and harder to

find

something that can see all the traffic on your network that's 'just a

plain

hub.'

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

External snort monitoring Larry E. Smith Jr. (Aug 08)
- Re: External snort monitoring Frank McPherson (Aug 08)
- Re: External snort monitoring Frank McPherson (Aug 08)
  - Re: External snort monitoring Larry E. Smith Jr. (Aug 08)
- Re: External snort monitoring George D. Nincehelser (Aug 08)
- Re: External snort monitoring Erek Adams (Aug 08)
  - Re: External snort monitoring Security @ Monster-Solutions.Net (Aug 08)
- <Possible follow-ups>
- RE: External snort monitoring swilcoxon (Aug 08)
  - FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Dragos Ruiu (Aug 08)
    - RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Franki (Aug 08)
    - RE: FAQ 10/100 Hubs Block Other Speed Traffic Erek Adams (Aug 08)
    - RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Rich Adamson (Aug 08)
    - Re: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Ramin Alidousti (Aug 08)
    - RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: [Snort-users] External snort monitoring) Jason (Aug 08)
    - RE: RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: [Snort-users] External snort monitoring) James Friesen (Aug 09)
    - RE: RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: [Snort-users] External snort monitoring) James Friesen (Aug 10)
    - Question? James Friesen (Aug 10)

(Thread continues...)