Re: snort with two interface

[Jeremy Hoel <jthoel () gmail com>]

And without patching, you could bond the two interfaces together and
listen on the bonded interface.  The only downside of both of those
options is not knowing what NIC saw the bad traffic.. you could go of
IP of course, if that makes sense for your network design.



On Wed, Dec 5, 2012 at 4:16 PM, Jaime Nebrera <jnebrera () gmail com> wrote:
>   Hi Leonardo,
>
>   This is not fully right. With proper patching Snort can read from multiple
> interfaces within the same instance. This is BTW, what we have done in
> redBorder project
>
>
> On 05/12/12 17:11, Leonardo Pezente wrote:
>
> yeah yuo were right, i just can run one interface per instance of snort i
> run.
> thanks James
> 2012/12/5 Lay, James <james.lay () wincofoods com>
> > From: Leonardo Pezente [mailto:lmpezente () gmail com]
> > Sent: Wednesday, December 05, 2012 8:52 AM
> > To: snort-users () lists sourceforge net
> > Subject: [Snort-users] snort with two interface
> >
> >
> >
> > i have the snort in the border of a network, and how this topic shows, it
> > has two interface. i have put the HOME_NET equal to the ip of the both
> > interfaces.
> >
> > the think is: in one of them i can detect attacks, but in the other i
> > cant.
> >
> > when i start to test, i was using just one (the iterface that is
> > detecting).
> >
> > but i need particular that the other detect too. so, what could be wrong?
> >
> > my snort.conf is working fine, and i he is starting on boot sniffing both
> > interface.
> >
> > This might be a problem with pcap?
> >
> >
> >
> > I believe Snort can only listen on one interface at a time, so you may
> > want to run two separate instances of snort.
> >
> >
> >
> > James
>
>
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!
>
>
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!