Re: snort question

To: <debian-user@lists.debian.org>
Subject: Re: snort question
From: "nate" <debian-user@aphroland.org>
Date: Tue, 12 Feb 2002 10:26:40 -0800 (PST)
Message-id: <[🔎] 61968.63.121.110.34.1013538400.squirrel@webmail.linuxpowered.net>
In-reply-to: <[🔎] 000001c1b3e9$35332260$da01a8c0@tin>
References: <[🔎] 000001c1b3e9$35332260$da01a8c0@tin>

<quote who="justin cunningham">
> Hi, I haven't used snort before and wanted to see where the
> incoming traffic to my external ip is coming from.  Can I do this
> with a machine behind the router?  I mean, the deb machine is
> sitting on a 192x and I want to see the incoming traffic on the
> external ip.  Is this possible or do I have to have the box before
> the router or should I just stick with tcpdump?  Thanks for any
> suggestions, justin

if you just want to view where traffic is comming from
then stick to tcpdump. or if you want an easier to read realtime
view try iptraf. snort is only designed to show specific events,
it won't show everything.

as for where to put the machine, if you want to catch
EVERYTHING it should be inbetween your router and the rest
of your network(i personaly use freebsd 4.4 with bridged interfaces
to accomplish this).

otherwise just run the program on each of your individual machines.

nate

Reply to:

References:
- snort question
  - From: "justin cunningham" <jcunningham@engine8.com>

Prev by Date: Re: html mode
Next by Date: RE: Package a single binary.
Previous by thread: snort question
Next by thread: First boot hangs on PCMCIA services after install
Index(es):
- Date
- Thread