Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Issue with Snort and Ethereal

For some reason Snort and Ethereal is not seeing source IP's that are from outside of my Network. When I go to a website, Snort and Ethereal picks it up, but it does not see any of the return packets. I am able to surf fine and have ruled out switch due to installing computer between the router and switch with same results. Any suggestions on what to enable to allow Snort and Ethereal to see incoming packets?

This is on a 4500 series router with IOS 12.1

2 REPLIES
Green

Re: Issue with Snort and Ethereal

Run Snort or Ethereal on the machine you are using to surf

OR

use a hub (not a switch) as an intermediate device like

-- HUB ---

................... | .............

.................Sniffing PC......

A switch will only show you frames that are 1) destined for your sniffing machine specifically or

2) broadcast / multicast

Using a hub gives the Promiscuous NIC all of the traffic to see (because a hub repeats all traffic out all ports, a switch -unless it's flooding- will only connect the two ports that are talking to each other).

If you're on a Cisco switch, check out SPAN, which will allow you to mirror all traffic to another port (for just such a purpose) or if it's a 6500 series, maybe RSPAN will be helpful ... it allows you to mirror a port on another (remote) 6500.

Good Luck

Scott

Good Luck

New Member

Re: Issue with Snort and Ethereal

I have Ethereal installed on the computer that I am typing this reply on and Ethereal is not seeing inbound traffic from outside the Network.

Network uses Alcatel Omni ATM switches. I have intalled a Linksys Workgroup Switch in between the router and the Alcatel switch and connected my sniffing PC to the Linksys WS with same results posted above. Normal Network config is sniffing PC is on the same Alcatel switch that the router is on. Both ports are in the same VLAn and mirrored the router port to the sniffing PC port. Neither config listed above works. Snort and Ethereal sees all internal Network traffic going outside the Network, but it is not seeing outside traffic coming into the Network.

110
Views
0
Helpful
2
Replies
CreatePlease to create content