Snort mailing list archives
Issue with Wireless Monitoring
From: Paul K <paulk33243 () gmail com>
Date: Thu, 1 Apr 2010 11:09:49 -0600
Anyone have a good, recent link or article on completely setting up Snort for a wireless network?

Here is my issue:

- Using wlan0 (Atheros card) on a laptop and Snort starts just fine on the system, so no issues there.
- Created a simple rule to look for nocase "google" - works like a champ on the local system
- Above rule does not work to monitor other traffic on the same WAP as the laptop.
- snort -v -d -i wlan0 will see the full packet captures from the other systems, including the full request to google and displays the google packet captures
- However, no alerts are generated from the above connection to google on a different system
- Can create a rule looking for traffic to/from another system's IP address and snort will capture and alert on traffic to/from the system.

So basically, 'snort -v -d -i wlan0' will see all traffic from all systems on the WAP, a rule looking for traffic to/from a system on the WAP will trigger; however, Snort will not alert on content from other systems on the WAP...

Am I missing something really trivial here, or is there a trick to getting wireless monitoring going?

Thanks,
Paul
Current thread:
- Issue with Wireless Monitoring Paul K (Apr 01)
- Re: Issue with Wireless Monitoring Alan Ptak (Apr 02)