Snort mailing list archives

Using Snort with a virtual ethernet device (tap0)

From: "Arjan van Leeuwen" <avleeuwen () dynamicsolutions nl>
Date: Wed, 13 Feb 2002 13:21:25 +0100

I'm trying to setup Snort on my FreeBSD firewall system, and have it listening on a virtual ethernet connection. The 
virtual ethernet connection is tap0 with ip address 192.168.0.1 (see http://vtun.sourceforge.net/tun/ for more info). I 
use IPFilter as a firewall - it duplicates blocked packets to tap0 for further processing, so that snort can read it. 
Or that's what I tought.

If I run snort in verbose mode on the tap0 interface (snort -v -i tap0), not a single packet passes tap0. Even when I'm 
ssh-ing from the machine itself to address 192.168.0.1, nothing appears. Does someone have even a remote idea of what's 
happening here? I've been puzzling for quite some time now...

Thanks.




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Using Snort with a virtual ethernet device (tap0) Arjan van Leeuwen (Feb 13)