Re: how to specify collecting packets on more then one interface

[James Lay <digitalx00 () gmail com>]

On Oct 10, 2013, at 8:07 PM, <snorty () cad webatu com> wrote:

> I have a sensor setup that currently is running as a read-only, and the tap point is split into upstream on one 
> interface and downstream packets on another interface. My question is how can I set this up so that snort can merge 
> the packets from just these two interfaces so snort can see the whole picture on what’s happening on the tap? (FWIW I 
> also can't listen on all interfaces because I don’t want to look at loopback data or the other interfaces on the 
> computer).

Manual has this:

http://manual.snort.org/node7.html#SECTION00253000000000000000

…in a nutshell:

snort --daq afpacket -i eth0:eth1


James

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!