Snort mailing list archives
RE: detecting a sniff application
From: Rob Hughes <rob () robhughes com>
Date: 10 Jul 2002 07:14:25 -0500
On Tue, 2002-07-09 at 15:24, McCammon, Keith wrote:
Read the FAQ... http://www.snort.org/docs/faq.html#1.8 -----Original Message----- From: emil (needguide.com) [mailto:security () needguide com] Sent: Tuesday, July 09, 2002 4:15 PM To: 'Wissam Halawani'; snort-users () lists sourceforge net Subject: RE: [Snort-users] detecting a sniff application I was about to ask this question. Thanks Wissam. How will I be able to detect network intrusion in switch network? Thanks.
You'll either need to plug the switch and the snort box into a hub in order to detect traffic entering and leaving that segment, or plug the snort box into a monitor (mirror, whatever your vendor calls it) port on the switch to detect all traffic on that switch. -- Remember: the only difference between being the champ and the chump is u.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- RE: detecting a sniff application Kevin Brown (Jul 09)
- <Possible follow-ups>
- detecting a sniff application Wissam Halawani (Jul 09)
- RE: detecting a sniff application emil (needguide.com) (Jul 09)
- Re: detecting a sniff application Ian Macdonald (Jul 10)
- RE: detecting a sniff application Hicks, John (Jul 09)
- RE: detecting a sniff application McCammon, Keith (Jul 09)
- RE: detecting a sniff application Rob Hughes (Jul 10)