Snort mailing list archives
Re: Troubles With Multiple Sensors
From: Erek Adams <erek () snort org>
Date: Fri, 24 Oct 2003 14:36:03 -0400 (EDT)
On Thu, 23 Oct 2003, Tim Rohrer wrote:
I am looking for more help as I continue to learn this thing : ) I have added a second NIC to the computer I am using for snort and have connected it to the shared uplink port on my switch (I am trying to confirm with the manufacturer that this port gets broadcasted traffic). I gave the NIC an IP address not on my home network. To test, I issued the command:
Uplink usually means just that. The 'upstream' link back to the 'network'. I don't think it's going to do what you want. (See below)
snort -v -i eth1 but I am not getting anything at all.
Try:
snort -dv -i eth1
Instead. The d tells Snort to decode and v tells it to print on the
screen.
Do I need to be doing something different to test a second sensor? Is the fact that I am not detecting any traffic a good sign that the uplink port IS NOT doing what I hoped? I had tried placing an inexpensive 10M hub between my cable modem and the router but the cable modem would not pass any traffic to the hub. : (
Unless your cable modem is spitting out ethernet frames on the backside, and you don't need anything else to get online, then it won't work. If you can't connect a ethernet cable into the back of your cable modem and then connect that to a computer, and get network--You won't see any traffic. Some of those cable modems depend on a router on the back side to actually do translation into the ether frames instead of doing it by thierself. There are other possiblities, but that's usually the most common. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Fwd: Troubles With Multiple Sensors Tim Rohrer (Oct 23)
- <Possible follow-ups>
- Troubles With Multiple Sensors Tim Rohrer (Oct 24)
- Re: Troubles With Multiple Sensors Erek Adams (Oct 24)
- Re: Troubles With Multiple Sensors Tim Rohrer (Oct 25)
- Re: Troubles With Multiple Sensors Erek Adams (Oct 24)
- Re: Troubles With Multiple Sensors Shawn Truax (Oct 24)
- Re: Troubles With Multiple Sensors Erek Adams (Oct 24)