Snort mailing list archives
RE: External snort monitoring
From: swilcoxon () iqmarketing com
Date: Wed, 8 Aug 2001 12:36:27 -0500
Dual speed hubs act like a switch between the two different speeds. If your two machines are at different speeds you won't see the other traffic. S.W.
-----Original Message----- From: Larry E. Smith Jr. [mailto:lsmithjr () monster-solutions net] Sent: Wednesday, August 08, 2001 12:01 PM To: Frank McPherson Cc: Snort List (E-mail); Snort Users Subject: Re: [Snort-users] External snort monitoring It shows in the system log as going into promiscuous mode. and I called Linksys to verify that this is a hub and not a switch. and i do not need to set an IP for the sensor correct? ----- Original Message ----- From: "Frank McPherson" <fhmiv () mac com> To: "Larry E. Smith Jr." <lsmithjr () monster-solutions net> Cc: "Snort List (E-mail)" <snort-users () lists sourceforge net>; "Snort Users" <snort-users () sourceforge net> Sent: Wednesday, August 08, 2001 12:11 PM Subject: Re: [Snort-users] External snort monitoring Two ideas: The ethernet interface on your external snort sensor is not in promiscuous mode; or your "hub" is really a switch. On Wednesday, August 8, 2001, at 11:12 AM, Larry E. Smith Jr. wrote:I have my cable modem hooked into a Linksys 5 port hub andI also havea snort sensor configured on the hub to catch all trafficcoming to mynetwork. from the 5 port hub it connects into a Linksysrouter which iswhere my server is located. my question is why can i catchtraffic onmy internal snort sensor connected to the Linksys router,but all I cansee are ARP requests on the external snort sensor which isconnected tothe hub? anyone have any ideas?_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- External snort monitoring Larry E. Smith Jr. (Aug 08)
- Re: External snort monitoring Frank McPherson (Aug 08)
- Re: External snort monitoring Frank McPherson (Aug 08)
- Re: External snort monitoring Larry E. Smith Jr. (Aug 08)
- Re: External snort monitoring George D. Nincehelser (Aug 08)
- Re: External snort monitoring Erek Adams (Aug 08)
- Re: External snort monitoring Security @ Monster-Solutions.Net (Aug 08)
- <Possible follow-ups>
- RE: External snort monitoring swilcoxon (Aug 08)
- FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Dragos Ruiu (Aug 08)
- RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Franki (Aug 08)
- RE: FAQ 10/100 Hubs Block Other Speed Traffic Erek Adams (Aug 08)
- RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Rich Adamson (Aug 08)
- Re: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Ramin Alidousti (Aug 08)
- RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: [Snort-users] External snort monitoring) Jason (Aug 08)
- RE: RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: [Snort-users] External snort monitoring) James Friesen (Aug 09)
- RE: RE: FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: [Snort-users] External snort monitoring) James Friesen (Aug 10)
- Question? James Friesen (Aug 10)
- Re: Question? Jed Pickel (Aug 10)
- FAQ 10/100 Hubs Block Other Speed Traffic (was: RE: External snort monitoring) Dragos Ruiu (Aug 08)