Snort mailing list archives
Snort and switches??
From: "Edward Marshall" <edtech () tstt net tt>
Date: Fri, 29 Aug 2003 00:47:35 -0400
Thanks guys, for suggesting some good log analyzer for snort 2.0 /2.0.1 (Acid, barnyard, etc). A problem I am presently experiencing is that there is this company that has all their servers and end-user PCs connected directly to a series of switches (not Cisco). When I connect the Snort machine (Mandrake 9.1/ Snort 2.0.1) to the switch, it is not picking up all the network traffic. For example, when I run superscan on the network, snort does not log any activity into the scan.log or portscan.log files. But if I take that same snort machine and connect it to a 3com hub and connect a few other PCs to that same 3com hub as well and run superscan (on one of those PCs), snort will log all the superscan activity into the portscan.log and scan.log files. Does anyone have any suggestions or solutions as to how snort can detect all network traffic when connected to a switch?? Edward Marshall edtech () tstt net tt
Current thread:
- Snort and switches?? Edward Marshall (Aug 28)
- Re: Snort and switches?? Emre Bastuz (Aug 29)
- Re: Snort and switches?? Hugh Brown (Aug 29)
- Re: Snort and switches?? Dan Ferris (Aug 29)
- Re: Snort and switches?? Bryan Irvine (Aug 29)
- Re: Snort and switches?? Hugh Brown (Aug 29)
- Re: Snort and switches?? Erek Adams (Aug 29)
- Re: Snort and switches?? Emre Bastuz (Aug 29)