RE: Traffic flow

["RAJNEEL DHOTRE" <rajneel_d () hotmail com>]

Yes, that is true, i need to set the mirror port. But why i am not able to 
see the ICMP traffic and also i am using SSH to connect Snort Server, even 
that traffic i am not able to see.

Before putting Snort on Production i need to test it on LAN.


regards,
Rajneel





> From: "Lepich, Jesse A Mr GLWACH" <Jesse.Austin.Lepich () us army mil>
> To: 'RAJNEEL DHOTRE' <rajneel_d () hotmail com>
> Subject: RE: [Snort-users] Traffic flow
> Date: Tue, 28 Oct 2003 09:36:10 -0600
> MIME-Version: 1.0
> Received: from dasmthkhn463.amedd.army.mil ([192.138.24.92]) by 
> mc12-f18.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 28 Oct 
> 2003 07:59:20 -0800
> Received: by dasmthkhn463.amedd.army.mil with Internet Mail Service 
> (5.5.2656.59)id <VXVPP8QN>; Tue, 28 Oct 2003 09:36:49 -0600
> X-Message-Info: JGTYoYF78jEO+VXk3TyS+rZlv2Sx8nS/
> Message-ID: 
> <109DBBFC212ED5119BED00A0C9EA33180567D6A1 () dasmthgsh666 amedd army mil>
> X-Mailer: Internet Mail Service (5.5.2656.59)
> Return-Path: Jesse.Austin.Lepich () us army mil
> X-OriginalArrivalTime: 28 Oct 2003 15:59:20.0597 (UTC) 
> FILETIME=[72E25450:01C39D6C]
>
> You'll need to setup a mittored port so that snort can see all the traffic
> on the switch....
>
> -----Original Message-----
> From: RAJNEEL DHOTRE [mailto:rajneel_d () hotmail com]
> Sent: Tuesday, October 28, 2003 2:05 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Traffic flow
>
>
>
> Hi ,
>
> I am new to Snort, need some help. I have installed Snort on Redhat Linux 
> 9.
> After installation, when I open the Acid page. I cannot see any traffic
> flowing.
>
> TCP, UDP and ICMP are Zero percentage. I have kept a continuous ping from
> another machine to Snort Server.
> Snort Console Shows running with PID 1706.
>
> Snort server is connected on the Switch, but I have not enabled port 
> mirror.
>
> I am using Cisco 2950 switch, is this good for Snort IDS
>
>
>
>
> regards,
>
> Rajneel Dhotre
>
>
>   _____
>
> He's the fastest Indian.He's Narain Karthikeyan. Will he make it to F1?
> <http://g.msn.com/8HMAENIN/2734??PS=>
> ------------------------------------------------------- This SF.net email 
> is
> sponsored by: The SF.net Donation Program. Do you like what SourceForge.net
> is doing for the Open Source Community? Make a contribution, and help us 
> add
> new features and functionality. Click here: http://sourceforge.net/donate/
> _______________________________________________ Snort-users mailing list
> Snort-users () lists sourceforge net Go to this URL to change user options or
> unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_________________________________________________________________
Find your first love.Rekindle past joys! http://www.batchmates.com/msn.asp 
Get in touch with batchmates.



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users