Snort mailing list archives
Re: Snort not seeing everything
From: Eric Hines <eric.hines () appliedwatch com>
Date: Wed, 14 Jun 2006 10:06:19 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This doesn't look right. Why would you install a Tap, then hang the Snort sensor off the switch? The purpose of the tap is to tap in to the network and replace span ports on your switch. The Snort sensor is supposed to be hanging off the monitoring port of the Tap. Best Regards, Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, LLC - --------------------------------------------- Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, LLC 1095 Pingree Road Suite 213 Crystal Lake, IL 60014 Toll Free: (877) 262-7593 ext:327 Direct: (847) 854-2725 ext:327 Fax: (847) 854-5106 Web: http://www.appliedwatch.com Email: eric.hines () appliedwatch com - -------------------------------------------- "Enterprise Open Source Security Management" fname lname wrote:
Our office resently moved to a new location and now my snort not seeing everything so it must be something I didnt setup right. They way I have it setup is right off of the pix inside cable its going to a passive tap that i build from the docs on snorts site from there its going to the networks switch. From that we have a few servers plugged in and another switch where a few more servers are and the lastly another switch where the workstations are plugged into. INTERNET---pix---TAP---switch1 | | IDS switch2 | switch3 The above drawing is how the network is setup based on funds; Based on the drawing if a workstation on switch3 goes to www.google.com should I see that traffic because I have a TAP in the inside wire of the pix which is the last route to the internet? Hmm, im thinking should I change the above network to look like this? INTERNET---pix---TAP---switch1---switch3 | | IDS switch2 Thank you for help in advance. ------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEkCXrbOqF2QHgUK0RAvE3AJ45MDsZvgh9R8/BdbOH0iFbUJ5ydgCZAcLm fFdeMbhnEfsv7BdDxGsZZAc= =pLQE -----END PGP SIGNATURE----- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort not seeing everything fname lname (Jun 14)
- Re: Snort not seeing everything Stephen John Smoogen (Jun 14)
- Re: Snort not seeing everything fname lname (Jun 14)
- Re: Snort not seeing everything Eric Hines (Jun 14)
- Re: Snort not seeing everything Stephen John Smoogen (Jun 14)
- Re: Snort + email alerts Denis Morejon Lopez (Jun 14)
- Re: Snort + email alerts Daniel Cid (Jun 14)
- Re: Snort + email alerts Denis Morejon Lopez (Jun 15)
- Re: Snort not seeing everything Stephen John Smoogen (Jun 14)
- Re: Snort not seeing everything fname lname (Jun 16)
- Re: Snort not seeing everything fname lname (Jun 16)
- Re: Snort not seeing everything Stephen John Smoogen (Jun 14)