Snort mailing list archives
Re: Quick Question
From: Erick Mechler <emechler () techometer net>
Date: Wed, 9 Apr 2003 11:57:15 -0700
:: I want to IDS sense traffic on the unprotected
:: side of my firewall.
:: If I block traffic to the IP address the SNORT
:: machine is configured as,
:: that should not prevent it from "sniffing" the
:: traffic on the network segment should it?

Snort uses libpcap to capture traffic, so it sits lower on the network stack than firewalls. As such, libpcap will see all traffic before it's either allowed or denied by your firewall.

And I'm not picking on you personally, Jim, but FYI this question and answer can be found in the list archives or on Google with a simple search. Be sure to check the available resources before posting to the list!

Cheers - Erick
Current thread:
- Quick Question McBurnett, Jim (Apr 09)
- Re: Quick Question Erick Mechler (Apr 09)