Snort mailing list archives
RE: When is a hub not a hub? (AuthReply)
From: Graeme Fowler <graeme.fowler () hosteurope com>
Date: Thu, 7 Jun 2001 15:51:23 +0100
Hi folks
should be relatively straightforward to modify snort to listen to at least 2 interfaces. this would have other applications besides just support for ethertaps
Alternatively just aggregate all the sniffing interfaces you have attached to a box using tcpdump. By default it will (in more recent releases, I realise some old ones don't do this) bind to all available interfaces. You can then pump the output from tcpdump to standard out, and then read it into snort on standard in as follows: tcpdump <options> -w - <expression> | snort <options> -r - <expression> Handy if, like me, you might want to watch multiple datastreams on multiple interfaces. Perverse? Maybe ;-) Graeme -- Graeme Fowler Systems Administrator Host Europe Group plc _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- When is a hub not a hub? (AuthReply) Jonathan G. Lampe (Jun 05)
- Re: When is a hub not a hub? (AuthReply) Ryan Russell (Jun 05)
- Re: When is a hub not a hub? (AuthReply) Dan Hollis (Jun 05)
- Re: When is a hub not a hub? (AuthReply) Chris Green (Jun 07)
- Re: When is a hub not a hub? (AuthReply) Dan Hollis (Jun 05)
- <Possible follow-ups>
- Re: When is a hub not a hub? (AuthReply) Dan Hollis (Jun 06)
- Re: When is a hub not a hub? (AuthReply) Dan Hollis (Jun 06)
- RE: When is a hub not a hub? (AuthReply) Graeme Fowler (Jun 07)
- Re: When is a hub not a hub? (AuthReply) Ryan Russell (Jun 05)