Snort mailing list archives

RE: detecting a sniff application

From: Rob Hughes <rob () robhughes com>
Date: 10 Jul 2002 07:14:25 -0500

On Tue, 2002-07-09 at 15:24, McCammon, Keith wrote:

Read the FAQ...

http://www.snort.org/docs/faq.html#1.8

-----Original Message-----
From: emil (needguide.com) [mailto:security () needguide com]
Sent: Tuesday, July 09, 2002 4:15 PM
To: 'Wissam Halawani'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] detecting a sniff application


I was about to ask this question. Thanks Wissam.
How will I be able to detect network intrusion in switch network?
 
Thanks.


You'll either need to plug the switch and the snort box into a hub in
order to detect traffic entering and leaving that segment, or plug the
snort box into a monitor (mirror, whatever your vendor calls it) port on
the switch to detect all traffic on that switch. 

-- 
Remember: the only difference between
being the champ and the chump is u.

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

RE: detecting a sniff application Kevin Brown (Jul 09)
- <Possible follow-ups>
- detecting a sniff application Wissam Halawani (Jul 09)
  - RE: detecting a sniff application emil (needguide.com) (Jul 09)
  - Re: detecting a sniff application Ian Macdonald (Jul 10)
- RE: detecting a sniff application Hicks, John (Jul 09)
- RE: detecting a sniff application McCammon, Keith (Jul 09)
  - RE: detecting a sniff application Rob Hughes (Jul 10)