Snort mailing list archives

Re: Listening openVPN


From: Nigel Houghton <nhoughton () sourcefire com>
Date: Sun, 6 Dec 2009 12:42:20 -0500

On Sun, Dec 6, 2009 at 12:23 PM, Matt Olney <molney () sourcefire com> wrote:
When testing new listening setups, I use tcpdump to check what traffic
I'm seeing.  It uses the same underlying library that snort uses, and
provides an immediate view of the traffic.

Sent from my iPhone

On Dec 6, 2009, at 11:41 AM, Andre Rodier <andre.rodier () red2 co uk>
wrote:

Hello everybody,


After googling around, I can't find any answer to my question.


Is it possible to configure snort to listen on the virtual network
adapter of OpenVPN (tap0) ?


I have tried to configure snort to do this, but apparently this fails:


var HOME_NET [10.10.1.0/24,192.168.0.0/24]


10.10.1/24 is the vpn network address, while 192.168.0.x is the
physical network.


I use nmap to start a portscan, and the result is accurate on both
interfaces. However, the only logs from Snort I have are coming from
the physical network interface 192.168.0.0/24.


Do I have to do something special to authorise snort to listen on this
virtual interface ?

Thanks.


------------------------------------------------------------------------------
Join us December 9, 2009 for the Red Hat Virtual Experience,
a free event focused on virtualization and cloud computing.
Attend in-depth sessions from your desk. Your couch. Anywhere.
http://p.sf.net/sfu/redhat-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




If you use "snort -dev -i tap0" do you see the traffic you expect?

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/


