Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort lan sniff

From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Mon, 16 Feb 2015 19:57:24 +0000
Hello Bruno,

        You will need to span the traffic to your sniffing interface. If your box is connected to a switch the switch 
wont forward traffic to your nic by default (only broadcast traffic). 

Or.. you could connect all of your boxes to a hub (not recommended :-) )...

Hope this helps!

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046 
Phone: (office) 443.430.7112
Email: allewi () cisco com 


-----Original Message-----
From: Dario Bruno [mailto:dario.bruno () libero it] 
Sent: Monday, February 16, 2015 2:39 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort lan sniff

Hello everybody,
I'm using Snort 2.9.7.0 on Ubuntu 14.04
All works fine when I sniff traffic on my nic (eth0) but I would like to sniff packets on the lan (i.e. http to the 
router inside interface).
I tried putting my nic in promiscuous mode but I still just able to sniff the traffic only to/from my interface (eth0).
Thank you for your help
Best regards
--
Dario Bruno
PGP key: 0x8D83F768
(keys.gnupg.net)

========================================================================

ATTENZIONE!!
Il presente messaggio ha contenuto confidenziale, e la sua lettura, allegati compresi, e' riservata esclusivamente ai 
destinatari previsti.
Nel caso riteniate di non essere uno dei destinatari previsti, siete pregati di distruggere il messaggio e di 
informarne il mittente.

WARNING!!
This message contains confidential information, and it is intended to be read, attachments included, only by intended 
recipients.
If you believe not to be one of the intended recipients, please destroy the message and inform the sender.

========================================================================

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business 
Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology 
previously reserved for billion-dollar corporations, FREE 
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: