Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Configuration issue, Part II

From: Erek Adams <erek () theadamsfamily net>
Date: Mon, 24 Sep 2001 06:34:19 -0700 (PDT)
On Mon, 24 Sep 2001, Greg Sarsons wrote:


Okay I've got snort running collecting a big binary dump file and not
doing anything else but it is on a machine running iptables (the dump
file will be looked at latter on another machine).  So is it the case
that much of the traffic will be killed by iptables even if snort is
running in promiscuous mode?


Yes.


Does that mean that I have to take down my iptables firewall to collect
everything?


Yes.  To make it simpler, put snort on a box by itself.  Set it outside your
firewall with a recieve only cable and no IP on the interface.  All will be
good.  :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: