Snort mailing list archives
Re: snort lan sniff
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Mon, 16 Feb 2015 19:57:24 +0000
Hello Bruno, You will need to span the traffic to your sniffing interface. If your box is connected to a switch the switch wont forward traffic to your nic by default (only broadcast traffic). Or.. you could connect all of your boxes to a hub (not recommended :-) )... Hope this helps! Albert Lewis QA Software Engineer SOURCEfire, Inc. now part of Cisco 9780 Patuxent Woods Drive Columbia, MD 21046 Phone: (office) 443.430.7112 Email: allewi () cisco com -----Original Message----- From: Dario Bruno [mailto:dario.bruno () libero it] Sent: Monday, February 16, 2015 2:39 PM To: snort-users () lists sourceforge net Subject: [Snort-users] snort lan sniff Hello everybody, I'm using Snort 2.9.7.0 on Ubuntu 14.04 All works fine when I sniff traffic on my nic (eth0) but I would like to sniff packets on the lan (i.e. http to the router inside interface). I tried putting my nic in promiscuous mode but I still just able to sniff the traffic only to/from my interface (eth0). Thank you for your help Best regards -- Dario Bruno PGP key: 0x8D83F768 (keys.gnupg.net) ======================================================================== ATTENZIONE!! Il presente messaggio ha contenuto confidenziale, e la sua lettura, allegati compresi, e' riservata esclusivamente ai destinatari previsti. Nel caso riteniate di non essere uno dei destinatari previsti, siete pregati di distruggere il messaggio e di informarne il mittente. WARNING!! This message contains confidential information, and it is intended to be read, attachments included, only by intended recipients. If you believe not to be one of the intended recipients, please destroy the message and inform the sender. ======================================================================== ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- snort lan sniff Dario Bruno (Feb 16)
- Re: snort lan sniff Al Lewis (allewi) (Feb 16)