RE: Snort not working in a multi hub environment?

[Devdas Bhagat <devdas () worldgatein net>]

On Wed, 11 Jul 2001, dave.goldsmith () intelsat com spewed into the ether:
> Two possible problems.
>
> 1) It is not purely a hub environment.  You have shown a switch.  Have you
> configured the switch to span all traffic to/from any port to a monitor
> port?
The switch goes to the internet. The PC shown in the middle is the LAN
gateway. I'm scanning within the LAN. 

> 2) Your diagram shows a PC in the middle connected to both the switch and
> one of the hubs. This looks like it is acting as a router.  Is this the
> case?
Yes.
 
> Also, in one of your responses you said that the machine you are running
> scans from is one of the Linux systems.  Where is the system running snort
> located?
On another Linux box. 
<snip>
> PC--|                        |--PC (Scanner, my machine)
> PC--|--HUB--HUB--|--PC--Switch--
> PC--|                        |--PC (snort machine)
> (Win)                            (Linux)

Devdas Bhagat
--
And do you think (fop that I am) that I could be the Scarlet Pumpernickel?

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users