Intrusion Detection using snort

Hi all,

I have recently installed Snort, Base, MySQL, And Apache2 On Ubuntu
7.10, in hopes to detect potential intrusions in my network.

The problem is, I have it installed in my personal computer and I
would like to get a report of the complete network.
I was wondering if this was possible, and where the machine would have
to be in the network (ie, in relation to the firewall).

I have ntop working in my machine and it seems to be picking up
traffic from all of the internal network, so I thought snort would be
able to give me a similar result ..

On Nov 22, 8:08 pm, Ivan <find.i...@gmail.com> wrote:
> Hi all,
>
> I have recently installed Snort, Base, MySQL, And Apache2 On Ubuntu
> 7.10, in hopes to detect potential intrusions in my network.
>
> The problem is, I have it installed in my personal computer and I
> would like to get a report of the complete network.
> I was wondering if this was possible, and where the machine would have
> to be in the network (ie, in relation to the firewall).
>
> I have ntop working in my machine and it seems to be picking up
> traffic from all of the internal network, so I thought snort would be
> able to give me a similar result ..

Hi Ivan,

I also have snort in my network. So, I placed snort in parallel with
my firewall inside my network. The problem is: how to have the traffic
going to the IDS sensors in switched network? The best approach is to
have a port mirroring capable switch. I don't know how Ntop works but,
if it work as snort, sniffing packet in the network he is into, sure
snort will do so.