Re: How to place Snort machine on the network ?

[Saad Kadhi <bsdguy () docisland org>]

On Tue, 2002-01-08 at 22:54, Greg Herlein wrote:
> > then the switch is likely to be misconfigured. To confirm this, turn off
> > snort & launch tcpdump then send some traffic from one host to another
> > (without involving the snort box of course). 
>
> Or just start snort in capture mode - 
>
>       snort -avd
>
> :)  I found snort initially because it was a much more readable
> packet sniffer than tcpdump format.  I got hooked on it's IDS
> capabilities, but still use it for capture all the time... though
> tethereal is nifty for it's higher layer analysis capabilites.
right but since the guy believes that snort might have sth to do with
the pb I advised him to use a completely different piece of software to
make sure:
1. his switch is configured correctly
2. snort has nothing to do with his pb (if he can't sniff with tcpdump
then the switch is probably misconfigured ;)

cheers.

-- 
/Saad --  [bsdguy () docisland org] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users