Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort for Broadcast Detection counts only

From: Tim Olson <Tim () 5000feet com>
Date: Tue, 03 Dec 2002 09:35:19 -0600
Hi,

I'd like to set up snort to detect broadcasts only and then
have a way to tabulate the sources to see where most of them are
coming from.   I've trimmed down my .rules section to the snort.conf
file, and created rules to detect broadcasts.   Anyone else ever
set snort up to do this?  If so, maybe give me some tips as to
getting a good display of the tabulation.  So far I've only used
Snortsnarf and never dabbled in ACID or any other add-ons.
Give me some suggestions and I'll try them out.

Ultimately I'm just trying to discover the cause of excessive
broadcasts on our network.  Our Cisco switches see maybe 10,000
in 5 minutes.

Tim



-------------------------------------------------------
This SF.net email is sponsored by: Microsoft Visual Studio.NET comprehensive development tool, built to increase your productivity. Try a free online hosted session at: 
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr0003en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: