Snort mailing list archives
Has anyone used snort as engine for snmp agent i.e. an RMON probe
From: "Raymond Jacob" <jacob_raymond () hotmail com>
Date: Fri, 13 Jul 2001 23:45:42 -0000
I know that most rmon2 probes on router and switches don't fully implement the RMON2 MIB. I have not completely read the RMON2 MIB so please don't flame me if this is a stupid question: Has anyone implemented tried to set up box with two interfaces one interface has an ip address(active) connected to an private network or an stunnel back to the snmp management station. The other interface (passive) does not have an ip address -as an aside if the passive side could generate icmp, udp traffic, to send pings and traceroutes to verify connectivity that would make such a device an excellent Network Monitoring device. The router downstream from the passive interface would have policy routing turned and route return traffic to a null interface.- The box would a public domain snmp agent like snmpd that would respond to snmpget RMON2 request and send RMON2 snmptraps to the snmp manager. The requests and traps would pull the information from the snort capture file. If anyone has not is there any reason why snort has been mainly limited to IDS and not network monitoring? Thank you, Raymond _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Has anyone used snort as engine for snmp agent i.e. an RMON probe Raymond Jacob (Jul 13)