Snort mailing list archives
RE: Snort running stealth on Win2k
From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Fri, 4 Jan 2002 17:12:25 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris, what exactly happens when you throw the tap in the mix? W2K/NT4 should not have any problems with taps. (I myself use the read-only cable, no problem with W2K). Regards, Frank - -----Original Message----- From: Chris Arsenault [mailto:carsenault () firstedcu org] Sent: Friday, January 04, 2002 4:15 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort running stealth on Win2k Currently, we are running Snort 1.8.1 on Windows 2000 with 2 3 COM 3C905B NICS in the box. I was going to use one as a stealth/monitoring interface and one in order to provide access to the ACID management interface to everyone in IS. We purchase a tap from http://www.shomiti.com I have data coming from a 3com hub that works great with the win2k sensor NIC until I throw the tap into the mix. Anyone get this going? I have read through the FAQ and various documentation on creating a listening only Ethernet wire or using a tap but no luck on Windows 2000. Anyone have any detailed information on this or using this particular tap with Windows 2000? Thanks, Chris -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 Comment: PGP or S/MIME (X.509) encrypted email preferred. iQA/AwUBPDY22MzYtOFvgXQfEQKxrwCfX9Eyt5GNmFIp+oyGCG0ZUbRctOgAoIdP dI7wSeMqUNUrDBPX9vjNDtY2 =E44z -----END PGP SIGNATURE-----
Current thread:
- Snort running stealth on Win2k Chris Arsenault (Jan 04)
- <Possible follow-ups>
- RE: Snort running stealth on Win2k Frank Knobbe (Jan 04)