Snort mailing list archives
Re: Snort in VMware
From: "M. Morgan" <mikemorgan () mindspring com>
Date: Thu, 19 Feb 2004 13:22:50 -0500 (GMT-05:00)
Yeah, I thought that was obvious enough. -----Original Message----- From: Jeff <jcoppock1 () comcast net> Sent: Feb 18, 2004 7:48 PM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] Snort in VMware M. Morgan, 2004-Feb-18 14:49 -0500:
You need to have snort plugged into a "spanned" or "mirrored" port for it
to see all of the traffic on that hub/switch/router. You should be able to
use "tcpdump" in Red Hat to get a look at the real time traffic on your
eth card.
Actually, you would need a mirrored port on a switch since switches bridge between ports, and a router since routers either bridge or route between ports. But, mirroring is not done on hubs since hubs repeat all traffic to every port. Just a minor knitpick clarification...jc -- Jeff Coppock Systems Engineer Diggin' Debian Admin and User ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort in VMware Brian McNeilly (Feb 18)
- Re: Snort in VMware Stephen W. Thompson (Feb 19)
- <Possible follow-ups>
- RE: Snort in VMware Douglas McCrea (Feb 18)
- Re: Snort in VMware M. Morgan (Feb 18)
- Re: Snort in VMware Jeff (Feb 18)
- RE: Snort in VMware DM (Feb 19)
- Re: Snort in VMware Brian McNeilly (Feb 19)
- Re: Snort in VMware M. Morgan (Feb 19)
- Re: Snort in VMware Mark Fagan (Feb 19)
- OT: Re: Snort in VMware/hubs Jeff (Feb 19)
- Re: Snort in VMware Michael Stone (Feb 23)
- Re: Snort in VMware Mark Fagan (Feb 19)