Snort mailing list archives

Re: What can Snort listen for (again)? (steven)

From: "Joe Pampel" <joe () ardsley com>
Date: Mon, 22 Oct 2001 15:42:47 -0400


If the hosts in question are plugged into the same hub as the snort sensor you're good to go.
If you are running on a switch you have to create a mirror port for snort (so it can see the traffic
on the other ports). On a switched network you will see nothing but the snort hosts own traffic (netbios,
ICMP etc)  and broadcast junk unless you do this. 

HTH

Message: 5

Date: Tue, 23 Oct 2001 02:21:02 +0800
From: steven <steven () steven4u net>
To: snort-users <snort-users () lists sourceforge net>
Subject: [Snort-users] What can Snort listen for (again)?

Hi,

Sorry, I'v post a letter minutes ago, but I found the ascii chart was
messed up.

My question is, can I capture any traffic in the LAN which is not target
to or send from the host which is running the snort? If possible, how
to?

Thanks in advance.
--
steven

home page: http://steven4u.net 
tel:       +86 760 8320102
rfc-822:   steven () steven4u net 

       \|||/
       (o o)
----ooO-(_)-Ooo--------
If money could talk, it would say - goodbye

--__--__--

Message: 6
From: "james" <the_saint_james () yahoo com>
To: <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] What can Snort listen for (again)?
Date: Mon, 22 Oct 2001 13:06:25 -0600

If you are using a hub, the hub repeats all traffic sent to it on all ports.
This is the normal operation of a hub. So Snort can sniff all traffic on the
hub if it is on any host attached to the hub.

James Edwards
jamesh () cybermesa com 
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
Phone support 365 days till 10 pm via the Santa Fe office:
505-988-9200 or Toll Free: 888-988-2700

--__--__--

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net 
https://lists.sourceforge.net/lists/listinfo/snort-users 

End of Snort-users Digest

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: What can Snort listen for (again)? (steven) Joe Pampel (Oct 22)
- Re: Re: What can Snort listen for (again)? (steven) Piotr Synowiec (Oct 22)
- <Possible follow-ups>
- RE: Re: What can Snort listen for (again)? (steven) Ryan Hill (Oct 22)