Snort mailing list archives
Re: Snort startup with multiple interfaces
From: "Jade E. Deane" <jade.deane () riven net>
Date: 10 Sep 2003 20:53:01 -0500
How about a FreeBSD machine being used as a sensor, where the ingress and egress traffic comes in mirrored on different interfaces. I have a physical Ethernet tap that takes TX traffic to NIC 1, and RX traffic to NIC 2. I run separate snort instances for each.... to me, this is, well, stupid. There must be a better way, or a method of combinging the TX/RX data to one logical interface, in lieu of using a switch SPAN or mirror port. Regards, Jade On Wed, 2003-09-10 at 11:12, J.Mann wrote:
Since I have 4 eth commands there, will Snort take them all and listen on each interface?This is mentioned in the FAQ: http://www.snort.org/docs/faq.html#3.4 Regards, Jon Mann On Wed, Sep 10, 2003 at 11:11:28AM -0400, Frye, Dan wrote:I'm running Snort 2.01 on linux. I'm using the command line: /app/snort/bin/snort -U -d -D -c -o /app/snort/snort.conf -i eth0 -i eth1 -i eth3 -i eth4 Since I have 4 eth commands there, will Snort take them all and listen on each interface? I don't have my taps yet so I can't test it, but am hoping someone can confirm or deny this config. Thanks. d ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- PGP Public Key: http://www.riven.net/~moose/key.asc Key fingerprint = C497 1FEC 6FC4 6896 6AB5 9A26 71DF 521B 0612 D1B8
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Snort startup with multiple interfaces Frye, Dan (Sep 10)
- Re: Snort startup with multiple interfaces J.Mann (Sep 10)
- Re: Snort startup with multiple interfaces Jade E. Deane (Sep 10)
- Re: Snort startup with multiple interfaces Douglas Hart (Sep 11)
- Re: Snort startup with multiple interfaces Jade E. Deane (Sep 10)
- <Possible follow-ups>
- Re: Snort startup with multiple interfaces Matt Kettler (Sep 10)
- Re: Snort startup with multiple interfaces J.Mann (Sep 10)