Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: wireless router with 4 port switch

From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 19 Nov 2003 19:09:51 -0500
At 06:04 PM 11/18/2003, Fred McFeeters wrote:
i have a wireless router with 4 port switch. i would like to set snort up so that it can monitor the switch traffic and also the wireless. so i could see if some one was attacking my wireless. can it be done?
It's impossible to monitor switch traffic on a cheapo 4-port switch, without using something like macof to beat it into behaving like a hub.
Sorry, but the very nature of what a switch is prevents monitoring the switch by the normal snort methods. All snort will see is traffic going out the switch port that your snort box is connected to, and some broadcast arp traffic.. it will not see anything else.
As for the wireless, that's out of my realm, but you've got other problems to deal with first, such as understanding what a switch is and how a sniffer works in the first place. 






-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: