Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Where does Snort sit...

From: John Sage <jsage () finchhaven com>
Date: Sun, 13 May 2001 01:00:33 -0700
...as it were, in relation to ppp0 and ipchains?

As I understand it, now I've got:

               _________________________________________
              |              firewall box               |

Internet <---> ppp0 <-> ipchains <-> portsentry <-> eth0 <---> LAN
Does Snort sit between ppp0 and ipchains (which is what I hope..) or is it after ipchains and thus is going to see only the stuff that ipchains lets it? 

Or does Snort get to the packets before ipchains does?
What I hope to do is more detailed probe analysis via Snort, and if it's behind ipchains I may have to open up my rules a little :-0 

TIA..

- John

--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
And remember: it's spelled l-i-n-u-x, but it's pronounced "Linux"


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: