Re: capturing intrusion to all networks

["Sean Lazar" <slazar () cruzio com>]

Are you on a switched network? A switch dosen't pass traffic to all ports.
You can use a hub or if your switch is manageable use port mirroring. Also
check your snort.conf file and see what EXTERNAL_NET is set to. Depending on
the location of the sensor, you may want to set it to any.

Sean

----- Original Message ----- 
From: "toor nimda" <rsc () cybees com>
To: <snort-users () lists sourceforge net>
Sent: Wednesday, September 17, 2003 7:59 PM
Subject: [Snort-users] capturing intrusion to all networks


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi.
>
> I have installed snort 2.0.1 on redhat 9.0. How can I capture all
intrusion on
> all networks x.x.x.x/19. what i can see only is the intrusion on the local
> machine where i installed snort. any help pls :)
>
> tia
> ruds
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE/aR+hq+lG/m5H17wRArzGAKDcnCYUVvIL1D6dPA6Ng09sUZEq7wCg3eNv
> oVE1ehB9suUe7YYPrGiAWns=
> =H/0+
> -----END PGP SIGNATURE-----
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users