Snort mailing list archives
Re: What can Snort listen for (again)? (steven)
From: "Joe Pampel" <joe () ardsley com>
Date: Mon, 22 Oct 2001 15:42:47 -0400
If the hosts in question are plugged into the same hub as the snort sensor you're good to go. If you are running on a switch you have to create a mirror port for snort (so it can see the traffic on the other ports). On a switched network you will see nothing but the snort hosts own traffic (netbios, ICMP etc) and broadcast junk unless you do this. HTH
Message: 5
Date: Tue, 23 Oct 2001 02:21:02 +0800 From: steven <steven () steven4u net> To: snort-users <snort-users () lists sourceforge net> Subject: [Snort-users] What can Snort listen for (again)? Hi, Sorry, I'v post a letter minutes ago, but I found the ascii chart was messed up. My question is, can I capture any traffic in the LAN which is not target to or send from the host which is running the snort? If possible, how to? Thanks in advance. -- steven home page: http://steven4u.net tel: +86 760 8320102 rfc-822: steven () steven4u net \|||/ (o o) ----ooO-(_)-Ooo-------- If money could talk, it would say - goodbye --__--__-- Message: 6 From: "james" <the_saint_james () yahoo com> To: <snort-users () lists sourceforge net> Subject: Re: [Snort-users] What can Snort listen for (again)? Date: Mon, 22 Oct 2001 13:06:25 -0600 If you are using a hub, the hub repeats all traffic sent to it on all ports. This is the normal operation of a hub. So Snort can sniff all traffic on the hub if it is on any host attached to the hub. James Edwards jamesh () cybermesa com At the Santa Fe Office: Internet at Cyber Mesa Store hours: 9-6 Monday through Friday Phone support 365 days till 10 pm via the Santa Fe office: 505-988-9200 or Toll Free: 888-988-2700 --__--__-- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-users End of Snort-users Digest _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: What can Snort listen for (again)? (steven) Joe Pampel (Oct 22)
- Re: Re: What can Snort listen for (again)? (steven) Piotr Synowiec (Oct 22)
- <Possible follow-ups>
- RE: Re: What can Snort listen for (again)? (steven) Ryan Hill (Oct 22)