Re: How to place Snort machine on the network ?

[skadhi () ib-group com (skadhi)]

On Tue, 2002-01-08 at 12:49, Syed Tariq Mustafa wrote:
> Hi All,
>
> I am new to the Snort stuff. But I have managed to install and test it. Its
> working fine as far as running it is concerned. I set the eth0 LAN
> connection to PROMISCIUS mode, which is then supposed to capture all network
> traffic.
>
> But it is not happening so if you use " snort -v " to display the traffic on
> your screen.
>
> All I could see is the broadcast traffic. Say a packet from 192.168.0.10 to
> 192.168.0.255 but machine to machine communication isn't just appearing !!!
>
> I am connected to the network using a Cisco 2912 switch and have set one of
> its port to Monitoring Port. Now I am not sure if it is properly set as
> monitoring port or not ... !!!
>
> Can someone tell me what is the cause of this problem.
well if you see only the broadcast traffic & you have that 2912 switch
then the switch is likely to be misconfigured. To confirm this, turn off
snort & launch tcpdump then send some traffic from one host to another
(without involving the snort box of course). 

HTH

-- 
/Saad Kadhi --  [skadhi () ib-group com] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users