Snort mailing list archives
Re: wireless router with 4 port switch
From: twig les <twigles () yahoo com>
Date: Wed, 19 Nov 2003 16:59:06 -0800 (PST)
--- Matt Kettler <mkettler () evi-inc com> wrote:
At 06:04 PM 11/18/2003, Fred McFeeters wrote:i have a wireless router with 4 port switch. i would like toset snort upso that it can monitor the switch traffic and also thewireless. so icould see if some one was attacking my wireless. can it bedone? It's impossible to monitor switch traffic on a cheapo 4-port switch, without using something like macof to beat it into behaving like a hub. Sorry, but the very nature of what a switch is prevents monitoring the switch by the normal snort methods. All snort will see is traffic going out the switch port that your snort box is connected to, and some broadcast arp traffic.. it will not see anything else. As for the wireless, that's out of my realm, but you've got other problems to deal with first, such as understanding what a switch is and how a sniffer works in the first place.
But all is not lost. I have a little Netgear thingy (Cisco box gave out after a decade) and I sniff quite nicely by daisy-chaining a switch to it. A hub would work too. You just won't get any traffic from boxes that are plugged directly into the wireless router/switch, but that's a pretty easy problem to get around (don't plug stuff into it). ===== ----------------------------------------------------------- Get a taste of Religion ... eat a priest! ----------------------------------------------------------- __________________________________ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- wireless router with 4 port switch Fred McFeeters (Nov 18)
- Re: wireless router with 4 port switch Matt Kettler (Nov 19)
- Re: wireless router with 4 port switch twig les (Nov 19)
- Re: wireless router with 4 port switch Matt Kettler (Nov 19)