Snort mailing list archives
Re: Segmenting Network Parts
From: David Alonso De La Vega Tapage <delavegad () bancoaliado com>
Date: Fri, 21 Mar 2003 09:37:56 -0500
When use a Snort -i eht0 ( where eth0 is a sealt interface ) snort can log in mysql .. ? normal .. ?
Thanx for all .. Demetri Mouratis wrote:
On Thu, 20 Mar 2003, Jan van den Berg wrote:Hi there,I have a machine with 2 NICs which I want to use as the sensor. I'm thinking of doing this by plugging this box into the switch with one NIC with a read-only cable and/or putting the interface in "stealth" mode (so without an IP). The other NIC I want to use for the managementGood. <snip>First how can I make the sensor not to sniff NIC2?Pass the command line option -i to snort to specify you want to look at traffic on NIC1 (eth0 or equivalent).Or say I want to sniff different VLANs and not the entire traffic stream how do I go about this?Two ways come to mind. First way is to use network topology and configuration. If you only want traffic from a certain network, place your sensor in that network. You may be able to use the functionality of your switch to help you as well. http://www.snort.org/docs/faq.html#1.8 Second way is to use snort bpf filters. http://www.snort.org/docs/faq.html#3.10 So how do I go about segmenting different network parts offof the sensor?Same as above. Hope that helps. --------------------------------------------------------------------- Demetri Mouratis dmourati () linfactory com -------------------------------------------------------This SF.net email is sponsored by: Tablet PC. Does your code think in ink? You could win a Tablet PC. Get a free Tablet PC hat just for playing. What are you waiting for? http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Segmenting Network Parts Jan van den Berg (Mar 19)
- Re: Segmenting Network Parts Demetri Mouratis (Mar 20)
- Re: Segmenting Network Parts David Alonso De La Vega Tapage (Mar 21)
- Re: Segmenting Network Parts Erek Adams (Mar 21)
- Re: Segmenting Network Parts David Alonso De La Vega Tapage (Mar 21)
- Re: Segmenting Network Parts Erek Adams (Mar 21)
- Re: Segmenting Network Parts David Alonso De La Vega Tapage (Mar 21)
- Re: Segmenting Network Parts Demetri Mouratis (Mar 20)