Snort mailing list archives

Snort deployment on a switch environment...


From: "Edwin Pua" <edwin1118 () hotmail com>
Date: Tue, 29 Jan 2002 03:51:30 +0000


Hi Sandro,

I have deployed my Snort box on our switch, as I need to monitor the traffic passing through our router, which is of course connected to the same switch (I enabled "port monitoring"). I use the default Snort rules and didn't change any, to test whether I can sniff or log the incoming and outgoing packets passing through that router. My HOME_NET and EXTERNAL_NET point to any any for initial testing. So far, I can see different IPs logged under my /var/log/snort directory when I ran it in packet logger mode (./snort -dv -l), but when I ran it in NIDS mode "./snort -b -A fast -c snort.conf", I couldn't see any alert logs or portscan logs when I did a simulation test using nmap. I wanted to use my Snort box as a NIDS in my network. Any suggestions for testing my Snort box in a switching environment? Did I deploy my Snort box correctly?

Grateful for your response.

rgds,
Edwin