From: Tim Olson (Tim_at_5000feet.com)
Date: Tue Dec 03 2002 - 09:35:19 CST

    Hi,

    I'd like to set up snort to detect broadcasts only and then
    have a way to tabulate the sources to see where most of them are
    coming from. I've trimmed down my .rules section to the snort.conf
    file, and created rules to detect broadcasts. Anyone else ever
    set snort up to do this? If so, maybe give me some tips as to
    getting a good display of the tabulation. So far I've only used
    Snortsnarf and never dabbled in ACID or any other add-ons.
    Give me some suggestions and I'll try them out.

    Ultimately I'm just trying to discover the cause of excessive
    broadcasts on our network. Our Cisco switches see maybe 10,000
    in 5 minutes.

    Tim

    Snort-users mailing list
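
One way to get the tabulation asked about above, as an added example that is not part of the original post: a Python script that tallies alert sources from a Snort fast-alert log. The line layout in the comment is an assumption about the output format in use, and the sample lines, addresses and rule message are constructed.

```python
import re
from collections import Counter

# Assumed layout of a Snort fast-alert line:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [...] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?"
)

def tabulate(lines):
    """Count alerts per source and per (source, proto, dest port).

    Returns (by_src, by_flow, skipped); skipped counts non-empty lines
    that did not parse, so a format mismatch is visible, not silent.
    """
    by_src, by_flow, skipped = Counter(), Counter(), 0
    for line in lines:
        m = ALERT_RE.search(line)
        if m is None:
            skipped += bool(line.strip())
            continue
        by_src[m["src"]] += 1
        # ICMP alerts carry no ports; record "-" so they still group.
        by_flow[(m["src"], m["proto"], m["dport"] or "-")] += 1
    return by_src, by_flow, skipped

# Constructed sample alerts (hypothetical local rule, sid 1000001).
SAMPLE = """\
12/03-09:30:01.102938  [**] [1:1000001:1] LOCAL broadcast [**] [Priority: 0] {UDP} 192.168.1.23:138 -> 192.168.1.255:138
12/03-09:30:01.514002  [**] [1:1000001:1] LOCAL broadcast [**] [Priority: 0] {UDP} 192.168.1.23:137 -> 192.168.1.255:137
12/03-09:30:02.000417  [**] [1:1000001:1] LOCAL broadcast [**] [Priority: 0] {UDP} 0.0.0.0:68 -> 255.255.255.255:67
12/03-09:30:02.220871  [**] [1:1000001:1] LOCAL broadcast [**] [Priority: 0] {ICMP} 192.168.1.77 -> 192.168.1.255
12/03-09:30:03.731550  [**] [1:1000001:1] LOCAL broadcast [**] [Priority: 0] {UDP} 192.168.1.23:138 -> 192.168.1.255:138
truncated or unrelated line
""".splitlines()

if __name__ == "__main__":
    by_src, by_flow, skipped = tabulate(SAMPLE)
    print(f"{'source':<16}alerts")
    for src, n in by_src.most_common():
        print(f"{src:<16}{n}")
    print("\ntop (source, proto, dport):")
    for (src, proto, dport), n in by_flow.most_common(5):
        print(f"{src:<16}{proto:<5}{dport:<6}{n}")
    print(f"\nunparsed lines: {skipped}")
```

Feed it the lines of the alert file in place of `SAMPLE`; a non-zero unparsed count means the log is in a different output format than the one assumed here.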