Snort mailing list archives
Re: port mirror with linux
From: Richard Bejtlich <taosecurity () gmail com>
Date: Sun, 14 Mar 2010 17:35:46 -0400
On Sun, Mar 14, 2010 at 3:02 PM, surman . <surmano.fumano () gmail com> wrote:
Hi ! I have a question. I have a linux box with 4 ethernet devices. This machine acts as router/ proxy / antivirus. I only use 3 ethernet devices, so I have 1 free port. I want to attach a snort box to this port. How can I configure a "port span/mirror" on the linux box? The snort box (192.168.3.100) needs to "see" all traffic passing through all router ethernet devices.
Hello,

Seeing all interfaces at the same time isn't the greatest idea. However, if you really want to do that, you could try running one or more instances of Daemonlogger against the interface of interest and redirect the traffic to another interface where your Snort system is connected and listening.

Sincerely,
Richard