Snort mailing list archives
Re: Application proxy firewall?
From: Erek Adams <erek () snort org>
Date: Thu, 20 Feb 2003 11:53:21 -0500 (EST)
On Thu, 20 Feb 2003, Brian Conte wrote:
Will snort v1.9 that is watching traffic behind an application proxy firewall see the internal interface of the firewall as the SRC or DEST for any traffic going through the firewall or is snort capable of finding the real IP that the traffic is going to? If snort is capable of doing this, can someone point me to some documentation on this feature?
Snort is capable of reading frames off of the wire. Inside the frame there is a src and a dst IP. How your firewall may or may not rewrite the packets... That's something to ask your firewall vendor. :) Simple test. Open two windows/shells. In one, start snort in sniffer mode. "snort -vd" Then in the other window type "ping -c 5 12.129.193.235" (that's route-server.cerf.net). You'll have 5 packets sent, and 5 returned. You should be able to see rather quickly if the IP is being changed by your Firewall. Don't want to or can't use ping? Fire up a browser at google.com. Finding out will take all of about 2 seconds. :) Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Application proxy firewall? Brian Conte (Feb 20)
- Re: Application proxy firewall? Demetri Mouratis (Feb 20)
- Re: Application proxy firewall? Erek Adams (Feb 20)
- <Possible follow-ups>
- RE: Application proxy firewall? Drew Stockman (Feb 20)