Snort mailing list archives
port mirror with linux
From: "surman ." <surmano.fumano () gmail com>
Date: Sun, 14 Mar 2010 20:02:54 +0100
Hi !
I have a question.
I have a linux box with 4 ethernet devices. This machine acts as router/
proxy / antivirus. I only use 3 ethernet devices, so I have 1 free port.
I want to attach a snort box to this port.
How can I configure a "port span/mirror" on the linux box? The snort box
(192.168.3.100) needs to "see" all traffic passing through all router
ethernet devices.
I think I a set up a bridge won't work, cause nat doesnt work well with
brctl (I had lotta problems time ago).
I think iptables can't do the work,cause iptables dont support layer 2
redirects, doest it?
Thanks four your help!
===============================================
192.168.1.1
eth1
|
|
INTERNET (dhcp) eth0 ----[ Router ] ---- eth2 192.168.2.1
|
|
eth3
192.168.3.1
+----------[SNORT] 192.168.3.100
===============================================
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- port mirror with linux surman . (Mar 14)
- Re: port mirror with linux Richard Bejtlich (Mar 14)
- Re: port mirror with linux phillip bailey (Mar 15)
- Re: port mirror with linux Richard Bejtlich (Mar 14)