Snort mailing list archives

Re: New guy.


From: Erek Adams <erek () snort org>
Date: Tue, 8 Apr 2003 09:16:59 -0500 (EST)

On Mon, 7 Apr 2003, Mike wrote:

Just signed up for this ML. Don't know about any rules or guidelines so
bear with me. Anyways, I'm pretty new to both Linux and Snort (keeping an
eye on HoneyD as well) and I guess my first question is kinda stupid:

Well....  There aren't any official rules or guidelines for the list.  I
put together two documents that might help...  :)  The first is a 'How to
get a Useful Answer' text [0], and the second--Well, just read it [1].
;-)


If I would like to monitor the activity on a network with all computers on
the same subnet (the gateway is a firewall to the Internet). How would I set
up Snort? On what computer can I run it to be able to listen to all traffic?

I set up a test Snort but it would only see the traffic to the machine on
which I ran it.

As others have said, that's perfectly normal depending on your setup.  The
short answer is:  You need a tap, a 'dumb' hub, or a switch with a
monitoring port.  Otherwise, you won't see anything except traffic
destined for that box or broadcast traffic.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://marc.theaimsgroup.com/?l=snort-users&m=104230179003344&w=2
[1]     http://www.theadamsfamily.net/~erek/snort/drinking_game.txt
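
Added example, not part of the original message: a way to check from a capture whether a sensor's port is only receiving its own and broadcast traffic, as described in the reply above. The sample lines are constructed in the style of `tcpdump -e -n` link-level output, and the MAC addresses, the function names and the 10% threshold are assumptions made for the illustration.

```python
import re
from collections import Counter

# "src_mac > dst_mac" as printed in link-level (-e) capture output.
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
MAC_PAIR = re.compile(rf"({MAC}) > ({MAC})", re.I)

def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1

def classify(lines, sensor_mac):
    """Count frames by whether a plain switch port would deliver them."""
    sensor_mac = sensor_mac.lower()
    counts = Counter()
    for line in lines:
        m = MAC_PAIR.search(line)
        if not m:
            counts["unparsed"] += 1
            continue
        src, dst = m.group(1).lower(), m.group(2).lower()
        if is_group_address(dst):
            counts["broadcast_or_multicast"] += 1
        elif sensor_mac in (src, dst):
            counts["own_unicast"] += 1
        else:
            counts["third_party_unicast"] += 1
    return counts

def sees_whole_segment(lines, sensor_mac, min_share=0.10):
    """True if unicast between other hosts is a real share of the capture.
    A switch floods the odd unknown-unicast frame, hence a threshold."""
    c = classify(lines, sensor_mac)
    parsed = sum(c.values()) - c["unparsed"]
    return parsed > 0 and c["third_party_unicast"] / parsed >= min_share

SENSOR = "00:0c:29:aa:bb:01"  # constructed sensor MAC
# Constructed capture: sensor on an ordinary switch port.
SWITCHED = [
    "09:17:00.01 00:0c:29:aa:bb:02 > 00:0c:29:aa:bb:01, ethertype IPv4 (0x0800), length 74: 192.168.1.20.1025 > 192.168.1.10.22: Flags [S]",
    "09:17:00.02 00:0c:29:aa:bb:01 > 00:0c:29:aa:bb:02, ethertype IPv4 (0x0800), length 74: 192.168.1.10.22 > 192.168.1.20.1025: Flags [S.]",
    "09:17:00.10 00:0c:29:aa:bb:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.20",
]
# Constructed capture: same port behind a tap, hub or monitoring port.
MIRRORED = SWITCHED + [
    "09:17:01.00 00:0c:29:aa:bb:02 > 00:0c:29:aa:bb:03, ethertype IPv4 (0x0800), length 74: 192.168.1.20.1026 > 192.168.1.30.80: Flags [S]",
    "09:17:01.01 00:0c:29:aa:bb:03 > 00:0c:29:aa:bb:02, ethertype IPv4 (0x0800), length 74: 192.168.1.30.80 > 192.168.1.20.1026: Flags [S.]",
]

if __name__ == "__main__":
    for name, cap in (("switched", SWITCHED), ("mirrored", MIRRORED)):
        print(name, dict(classify(cap, SENSOR)), sees_whole_segment(cap, SENSOR))
```

A capture that classifies like the first sample means Snort on that port can only alert on traffic to or from its own host.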



