Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Wireless IDS monitoring using Snort

From: Jeremy Hoel <jthoel () gmail com>
Date: Tue, 16 Oct 2012 19:56:11 +0000
Well if you just wanted to monitor traffic from wires/wireless <->
outside then span the port that the outside connects on.  If you want
to watch traffic to/from wired to wireless then you span that port
also.  It depends on what you want to watch specifically.

So in your case, if your router is also the wifi, then no, you won't
see that traffic.  If you go:

Cable modem <-> switch <-> router/wifi <-> computers

and then just have the span port on the switch on either the cable
modem port or the router port, and you will see all the traffic.




On Tue, Oct 16, 2012 at 6:41 PM, Chuck DiRaimondi <charlesd81 () gmail com> wrote:

Stupid question and maybe I'm not thinking properly with regards to my home
network and lab topology...Can Snort be used to monitor both a wired and
wireless home network? In setting up my lab, I was going to place a Netgear
switch after my home router and use port mirroring to capture all the
traffic. So it would go cable modem, router, one cable from router to
switch, then each machine running off the switch, with the sensor being on a
port that is mirroring traffic. I'm assuming then that all traffic going
wirelessly out would be missed because it is skipping the switch where the
sensor is altogether. Am I right? Are there any ways to configure a home
network to use Snort to monitor both wired and wireless traffic?


------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!


------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: