Snort mailing list archives
FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring)
From: Dragos Ruiu <dr () kyx net>
Date: Wed, 8 Aug 2001 12:15:34 -0700
This _has_ to be put into the FAQ. Does anyone care to try penning/editing the conclusive, concise, and tutorial answer also explaining the operation of the hub that causes Snort/IDS problems...? cheers, --dr On Wed, 08 Aug 2001, swilcoxon () iqmarketing com wrote:
Dual speed hubs act like a switch between the two different speeds. If your two machines are at different speeds you won't see the other traffic. S.W.-----Original Message----- From: Larry E. Smith Jr. [mailto:lsmithjr () monster-solutions net] Sent: Wednesday, August 08, 2001 12:01 PM To: Frank McPherson Cc: Snort List (E-mail); Snort Users Subject: Re: [Snort-users] External snort monitoring It shows in the system log as going into promiscuous mode. and I called Linksys to verify that this is a hub and not a switch. and i do not need to set an IP for the sensor correct? ----- Original Message ----- From: "Frank McPherson" <fhmiv () mac com> To: "Larry E. Smith Jr." <lsmithjr () monster-solutions net> Cc: "Snort List (E-mail)" <snort-users () lists sourceforge net>; "Snort Users" <snort-users () sourceforge net> Sent: Wednesday, August 08, 2001 12:11 PM Subject: Re: [Snort-users] External snort monitoring Two ideas: The ethernet interface on your external snort sensor is not in promiscuous mode; or your "hub" is really a switch. On Wednesday, August 8, 2001, at 11:12 AM, Larry E. Smith Jr. wrote:I have my cable modem hooked into a Linksys 5 port hub andI also havea snort sensor configured on the hub to catch all trafficcoming to mynetwork. from the 5 port hub it connects into a Linksysrouter which iswhere my server is located. my question is why can i catchtraffic onmy internal snort sensor connected to the Linksys router,but all I cansee are ARP requests on the external snort sensor which isconnected tothe hub? anyone have any ideas?_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Dragos Ruiu <dr () dursec com> dursec.com ltd. / kyx.net - we're from the future gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- External snort monitoring Larry E. Smith Jr. (Aug 08)
- Re: External snort monitoring Frank McPherson (Aug 08)
- Re: External snort monitoring Frank McPherson (Aug 08)
- Re: External snort monitoring Larry E. Smith Jr. (Aug 08)
- Re: External snort monitoring George D. Nincehelser (Aug 08)
- Re: External snort monitoring Erek Adams (Aug 08)
- Re: External snort monitoring Security @ Monster-Solutions.Net (Aug 08)
- <Possible follow-ups>
- RE: External snort monitoring swilcoxon (Aug 08)
- FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Dragos Ruiu (Aug 08)
- RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Franki (Aug 08)
- RE: FAQ 10/100 Hubs Block Other Speed Traffic Erek Adams (Aug 08)
- RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Rich Adamson (Aug 08)
- Re: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Ramin Alidousti (Aug 08)
- RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: [Snort-users] External snort monitoring) Jason (Aug 08)
- RE: RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: [Snort-users] External snort monitoring) James Friesen (Aug 09)
- RE: RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: [Snort-users] External snort monitoring) James Friesen (Aug 10)
- Question? James Friesen (Aug 10)
- Re: Question? Jed Pickel (Aug 10)
- CODE RED III Mark Spieth (Aug 10)
- FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Dragos Ruiu (Aug 08)