Snort mailing list archives

Has anyone used snort as engine for snmp agent i.e. an RMON probe


From: "Raymond Jacob" <jacob_raymond () hotmail com>
Date: Fri, 13 Jul 2001 23:45:42 -0000

I know that most rmon2 probes on routers and switches don't fully
implement the RMON2 MIB. I have not completely read the RMON2 MIB,
so please don't flame me if this is a stupid question:

Has anyone implemented or tried to set up a box with two interfaces?
One interface has an ip address (active) and is connected to a private
network or an stunnel back to the snmp management station. The other
interface (passive) does not have an ip address. (As an aside, if the
passive side could generate icmp and udp traffic, to send pings and
traceroutes to verify connectivity, that would make such a device an
excellent Network Monitoring device. The router downstream from the
passive interface would have policy routing turned on and would route
return traffic to a null interface.)

The box would run a public domain snmp agent like snmpd that would
respond to snmpget RMON2 requests and send RMON2 snmptraps to the
snmp manager. The requests and traps would pull the information from
the snort capture file.

If no one has, is there any reason why snort has been mainly limited
to IDS and not network monitoring?

Thank you,
Raymond
