RE: Snort not working in a multi hub environment?

[dave.goldsmith () intelsat com]

Two possible problems.

1) It is not purely a hub environment.  You have shown a switch.  Have you
configured the switch to span all traffic to/from any port to a monitor
port?

2) Your diagram shows a PC in the middle connected to both the switch and
one of the hubs. This looks like it is acting as a router.  Is this the
case?

Also, in one of your responses you said that the machine you are running
scans from is one of the Linux systems.  Where is the system running snort
located?

Dave Goldsmith

-----Original Message-----
From: Devdas Bhagat [mailto:devdas () worldgatein net]
Sent: Tuesday, July 10, 2001 8:15 AM
To: Snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort not working in a multi hub environment?


On Tue, 10 Jul 2001, Thomas Whipp spewed into the ether:
> Are all the hubs the same speed?  You might have problems if
> you are on a slow segment.
Yes, all hubs are the same speed. Essentially, its like (bad ASCII art):
PC--|                        |--PC
PC--|--HUB--HUB--|--PC--Switch--
PC--|                        |--PC
(Win)                            (Linux)

All Linux machines scans are caught, no scans of Win machines are
reported. 

Devdas Bhagat

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users