Snort mailing list archives
Re: Enable Snort To Detect NIDS
From: Erek Adams <erek () snort org>
Date: Wed, 8 Jan 2003 11:52:18 -0500 (EST)
On Wed, 8 Jan 2003, Pathmenanthan Ramakrishna wrote:
I'm using Snort version 1.9. When I start the snortd daemon it enables Snort and captures data that is directed to the server. How do I enable Snort to capture the entire LAN traffic? Currently, when I perform an attack on the host (where Snort is running) I can see values at the ACID console. What if, when Snort is running, I want it to detect other hosts' activities as well? How do I do that?
If you are on a switch, set up 'port mirroring' or, if it's a Cisco switch, a 'SPAN port'. If on a hub, make sure it's not 'autosensing 10/100' and just a 'dumb hub' (FAQ 6.21 [0]). Otherwise, use a pair of 'ethernet taps'.

Check out the docs under 'IDS Deployment Guides' [1]. It's really amazing what you can find if you look. Oh, and take a penalty drink. ;-)

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson

[0] http://www.snort.org/docs/faq.html#6.21
[1] http://www.snort.org/docs/#deploy
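A way to check that the mirror port, hub or tap discussed above is really delivering other hosts' traffic to the sensor, as an added example that is not part of the original message. It assumes a capture taken on the sensor with `tcpdump -e -n`; the function names, MAC addresses and sample lines are constructed for illustration.

```python
import re

# tcpdump -e -n prints "<time> <src MAC> > <dst MAC>, ethertype ..." per frame.
FRAME_RE = re.compile(
    r"^\S+ (?P<src>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > "
    r"(?P<dst>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}),", re.IGNORECASE)

def is_group_address(mac):
    # Broadcast and multicast frames have the low bit of the first octet set.
    # A switch delivers them to every port, so they prove nothing about mirroring.
    return int(mac.split(":")[0], 16) & 1 == 1

def mirror_visibility(lines, sensor_mac):
    """Count unicast frames that neither come from nor go to the sensor."""
    sensor_mac = sensor_mac.lower()
    stats = {"frames": 0, "own": 0, "group": 0, "foreign_unicast": 0}
    for line in lines:
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # not an Ethernet frame line, skip it
        src, dst = m.group("src").lower(), m.group("dst").lower()
        stats["frames"] += 1
        if is_group_address(dst):
            stats["group"] += 1
        elif sensor_mac in (src, dst):
            stats["own"] += 1
        else:
            stats["foreign_unicast"] += 1  # traffic between two other hosts
    stats["sees_other_hosts"] = stats["foreign_unicast"] > 0
    return stats

# Constructed sample data: the sensor's own NIC and two short captures.
SENSOR_MAC = "00:50:56:aa:00:01"
SAMPLE_UNMIRRORED = [
    "11:52:18.100000 00:50:56:aa:00:02 > 00:50:56:aa:00:01, ethertype IPv4 (0x0800), length 74: 192.168.1.20.40000 > 192.168.1.10.80: Flags [S], length 0",
    "11:52:18.200000 00:50:56:aa:00:03 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.30, length 46",
]
SAMPLE_MIRRORED = SAMPLE_UNMIRRORED + [
    "11:52:18.300000 00:50:56:aa:00:03 > 00:50:56:aa:00:04, ethertype IPv4 (0x0800), length 74: 192.168.1.30.40001 > 192.168.1.40.22: Flags [S], length 0",
]

if __name__ == "__main__":
    print(mirror_visibility(SAMPLE_UNMIRRORED, SENSOR_MAC))
    print(mirror_visibility(SAMPLE_MIRRORED, SENSOR_MAC))
```

A switch can briefly flood unicast frames for a destination it has not learned yet, so judge the result over a capture of a few minutes rather than a handful of frames.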
