Snort mailing list archives
Re: Question about Inline mode
From: Michael Altizer <maltizer () sourcefire com>
Date: Sun, 04 Dec 2011 23:14:56 -0500
On 12/04/2011 09:36 PM, Albert E. Whale wrote:
When using either NFQ or the DAQ modules, are the interfaces bonded together? I completely understand that the Management interface is assigned an IP Address, a gateway and a network (subnet mask). What happens to the two interfaces used in inline mode? If I place the sensor inline, are the interfaces numbered? DO I need to fully provide networking (routing) between the interfaces?
With the AFPacket DAQ module, the interfaces just need to be configured as "up" (ifconfig ethX up). The module opens the interfaces in promiscuous mode and will forward all packets received on each interface that are not blocked by the reader out the other. No further setup is required. If I recall correctly, the PFRing module works in much the same fashion. ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Question about Inline mode Albert E. Whale (Dec 04)
- Re: Question about Inline mode NA (Dec 04)
- Re: Question about Inline mode Albert E. Whale (Dec 04)
- Re: Question about Inline mode Michael Altizer (Dec 04)
- Re: Question about Inline mode John Liss (Dec 05)
- Re: Question about Inline mode Albert E. Whale (Dec 04)
- Re: Question about Inline mode NA (Dec 04)