Snort mailing list archives

Re: Make Snort See SPAN


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Fri, 18 Sep 2009 12:25:03 -0600

All that should be required is to call snort with -i ethX for it to see the SPAN port traffic (replace X with the number of the Ethernet adapter plugged into the SPAN port).

________________________________
From: Tom Smith [mailto:ts8807385 () gmail com]
Sent: Friday, September 18, 2009 10:44 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Make Snort See SPAN

Hi,

Snort newbie here. I have snort 2.8.4.1 running on FBSD 7.1. There are two Ethernet interfaces, one has an IP and is used to SSH into the box, the other is a SPAN port going to a Cisco 6509. Everything works OK, except I don't know how to make Snort monitor the SPAN. Right now, snort only sees traffic on the Ethernet interface. The SPAN is working. I've confirmed that with tcpdump. Any suggestions? I've Googled, but nothing came up.

Thanks