Snort mailing list archives
Re: Snort not seeing everything
From: "fname lname" <larskman () gmail com>
Date: Wed, 14 Jun 2006 15:56:51 -0400
Ok, im on site now and I found the problem. The network is configure like below: INTERNET---pix---TAP---switch1---switch3 | | IDS switch2 And the proble was someone had the tap on the a server and not the inside pix. lol Problem solved and I am seeing all traffic now. Thanks! On 6/14/06, fname lname <larskman () gmail com> wrote:
The tap is tapping into the wire that is leaving the inside port of the pix. For the pix it goes to the tap and out of the tap it goes to the switch. The switch are not smart switches so that is why i am using a tap. On 6/14/06, Stephen John Smoogen <smooge () gmail com> wrote: > On 6/14/06, Eric Hines <eric.hines () appliedwatch com> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > This doesn't look right. Why would you install a Tap, then hang the > > Snort sensor off the switch? The purpose of the tap is to tap in to > the > > network and replace span ports on your switch. The Snort sensor is > > supposed to be hanging off the monitoring port of the Tap. > > > > I do not see where he is putting the snort sensor on the switch. The > IDS seems to stay in the same spot.. the last jump out/first jump in. > > -- > Stephen J Smoogen. > CSIRT/Linux System Administrator >
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort not seeing everything fname lname (Jun 14)
- Re: Snort not seeing everything Stephen John Smoogen (Jun 14)
- Re: Snort not seeing everything fname lname (Jun 14)
- Re: Snort not seeing everything Eric Hines (Jun 14)
- Re: Snort not seeing everything Stephen John Smoogen (Jun 14)
- Re: Snort + email alerts Denis Morejon Lopez (Jun 14)
- Re: Snort + email alerts Daniel Cid (Jun 14)
- Re: Snort + email alerts Denis Morejon Lopez (Jun 15)
- Re: Snort not seeing everything Stephen John Smoogen (Jun 14)
- Re: Snort not seeing everything fname lname (Jun 16)
- Re: Snort not seeing everything fname lname (Jun 16)
- Re: Snort not seeing everything Stephen John Smoogen (Jun 14)