For some reason Snort and Ethereal is not seeing source IP's that are from outside of my Network. When I go to a website, Snort and Ethereal picks it up, but it does not see any of the return packets. I am able to surf fine and have ruled out switch due to installing computer between the router and switch with same results. Any suggestions on what to enable to allow Snort and Ethereal to see incoming packets?
Run Snort or Ethereal on the machine you are using to surf
use a hub (not a switch) as an intermediate device like
-- HUB ---
................... | .............
A switch will only show you frames that are 1) destined for your sniffing machine specifically or
2) broadcast / multicast
Using a hub gives the Promiscuous NIC all of the traffic to see (because a hub repeats all traffic out all ports, a switch -unless it's flooding- will only connect the two ports that are talking to each other).
If you're on a Cisco switch, check out SPAN, which will allow you to mirror all traffic to another port (for just such a purpose) or if it's a 6500 series, maybe RSPAN will be helpful ... it allows you to mirror a port on another (remote) 6500.
I have Ethereal installed on the computer that I am typing this reply on and Ethereal is not seeing inbound traffic from outside the Network.
Network uses Alcatel Omni ATM switches. I have intalled a Linksys Workgroup Switch in between the router and the Alcatel switch and connected my sniffing PC to the Linksys WS with same results posted above. Normal Network config is sniffing PC is on the same Alcatel switch that the router is on. Both ports are in the same VLAn and mirrored the router port to the sniffing PC port. Neither config listed above works. Snort and Ethereal sees all internal Network traffic going outside the Network, but it is not seeing outside traffic coming into the Network.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...