From: McCammon, Keith (Keith.McCammoneadvancemed.com)
Date: Fri May 03 2002 - 11:15:03 CDT

    If you're on a hub, then you should get a copy of all traffic by default. However, it never hurts to test your promiscuous (monitoring) interface to ensure that it is operating properly. Perhaps try initializing snort from the command line in sniffer mode (snort -v) to ensure that you're actually capturing packets destined for other hosts on the segment.

    -----Original Message-----
    From: Emanuele Salvador [mailto:leleprofim.florida.it]
    Sent: Friday, May 03, 2002 12:02 PM
    To: snort-userslists.sourceforge.net
    Subject: Re: [Snort-users] As a newbie, two questions

    On Friday, May 3, 2002, at 05:32, McCammon, Keith wrote:

    > 2) your sensor is properly placed on a monitoring port on your switch,

    What exactly should I check? I think the var $HOME_NET, set to any, is
    right. And I'm testing the machines on a hub, not a switch since I read
    that there may arise problems (and I still have to read manuals to see if
    my switch supports mirroring).

    Thanks,
    Emanuele

    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users
