Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: External snort monitoring

From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 8 Aug 2001 10:16:46 -0700 (PDT)
On Wed, 8 Aug 2001, Larry E. Smith Jr. wrote:


I have my cable modem hooked into a Linksys 5 port hub and I also have a
snort sensor configured on the hub to catch all traffic coming to my
network. from the 5 port hub it connects into a Linksys router which is
where my server is located. my question is why can i catch traffic on my
internal snort sensor connected to the Linksys router, but all I can see
are ARP requests on the external snort sensor which is connected to the
hub? anyone have any ideas?


If I'm going to _guess_, I'd say that you're using a 10/100mb auto sensing
hub.  Many of those little dudes will segregate traffic from 10mb from 100mb.
Almost like two hubs in the same box.  It's getting harder and harder to find
something that can see all the traffic on your network that's 'just a plain
hub.'

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: