Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Promiscious mode + Win2k

From: Erek Adams <erek () snort org>
Date: Fri, 13 Jun 2003 09:02:20 -0400 (EDT)
On Fri, 13 Jun 2003, [iso-8859-1] darniot benjamin wrote:


I want to use Snort (or windump...) as a Packet logger under Win2k. I
have installed Winpcap 3.0 to capture IP trafic. My computer belongs to
a small local network (192.168.1.0/24) connected by a hub.  When i start
Snort or another packet logger, i see only broadcast or trafic to my
computer. I don't understand why my network's card are not in
promiscious mode. However, Winpcap seems to be correctly installed.  I
want to see all the local network's trafic (it's a Hub so it should
work??). If someone got an idea.


It may not be a hub as you expect.  If it's an "auto-sensing 10/100mb"
hub, then it's not going to work (most likely).  Those 'hubs' are actually
_two_ hubs (10 and 100mb) that are bridged together.  If you plug a 10mb
connection, you can "see" only 10mb traffic.  If it's 100mb you can only
see 100mb traffic.

Check the FAQ.  :)

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: