Re: Also new to Snort

[Chris Green <cmg () uab edu>]

"Geoff Hirschi" <snowulf () qwest net> writes:

> 1.  (*) text/plain          ( ) text/html           
>
> Hiya!
>  
> I am very new to Snort.  To compound my trouble, Snort is the first
> sniffer software I have ever tried to work with.
>  
> Primarily we are looking for a something that will give us real time
> indication of how our bandwidth is being used on our subnet. 

While there are some things that will let you keep stream4 stats and
there are some good patches to let keep snort keep this data, you
probably are interested in the reports.

http://ipaudit.sourceforge.net runs fairly good reports.

You might also consider looking at www.ntop.org.  For a fee, you can
get a windows binary or compile it for free.

> In the documentation on the website and in the readme I saw several
> refrences to using Snort as a bandwidth monitor, but I was not able
> to find any instructions on how to use it that way.  

Mind providing specific referecnes?

> I am perfectly willing and able to RTFM - but I cant seem to find
> the refrence in the FM that I need.  Can someone please point me to
> the starting point?  In case it matters, I am running the WindersNT
> version of Snort.
>  
> Regards,
>  
> Geoff 

-- 
Chris Green <cmg () uab edu>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users