Snort mailing list archives

Re: Snort, FreeBSD and Multiple NICs


From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 16 Oct 2001 10:22:28 -0700 (PDT)

On Tue, 16 Oct 2001, Dave Elfering wrote:

> I'm running FreeBSD 4.4 and Demarc 1.05 RC2 on a Dell Precision (1GB RAM,
> 800MHz CPU) with an Adaptec quad ethernet card.
>
> I must be brain damaged, because I'm not seeing how to select several
> interfaces.
>
> I want to minimally run Snort on two interfaces watching separate network
> segments, and experiment with watching up to 4 segments. This is just
> cleaner for me than setting up a probe for each silly network I want to
> monitor.
>
> Sorry if this is FAQ fodder some place, but I haven't seen this question
> answered.

Well...  Now that you mention it:  (CVS FAQ Version)

3.4 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
Q: How can I run snort on multiple interfaces simultaneously?

A: If you aren't running snort on a Linux 2.1.x/2.2.x kernel (with LPF
   available), the only way is to run multiple instances of snort, one
   instance per interface. However, for Linux 2.1.x/2.2.x and higher you can
   use the libpcap library with S. Krahmer's patch, which allows you to
   specify 'any' as the interface name. In this case snort will be able to
   process traffic coming to all interfaces.


;-)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
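
The FAQ's answer for non-Linux hosts (one Snort instance per interface), written as a small launcher script. This is an added example, not part of the original post or the Snort FAQ; the interface names (de0, de1), the config and log paths, and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example: one Snort instance per monitored interface.
# Interface names, paths and DRY_RUN are assumptions, not from the post.
SNORT_BIN="${SNORT_BIN:-snort}"
SNORT_CONF="${SNORT_CONF:-/usr/local/etc/snort.conf}"
LOG_ROOT="${LOG_ROOT:-/var/log/snort}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = start Snort

# Accept only plain device names such as de0 or fxp1. This also rejects
# 'any', which the FAQ says needs the patched libpcap on Linux.
valid_iface() {
    case "$1" in
        ""|*[!a-z0-9]*) return 1 ;;
        [a-z]*[0-9])    return 0 ;;
        *)              return 1 ;;
    esac
}

# Build (and optionally run) the command line for one sensor.
# -D daemonizes, -i picks the interface, -c the rules file, -l the log dir.
sensor() {
    dir="$LOG_ROOT/$1"
    set -- "$SNORT_BIN" -D -i "$1" -c "$SNORT_CONF" -l "$dir"
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        mkdir -p "$dir" && "$@"
    fi
}

# start_sensors IFACE...  Exit status is the number of rejected names.
start_sensors() {
    bad=0
    for ifc in "$@"; do
        if valid_iface "$ifc"; then
            sensor "$ifc"
        else
            echo "skipping invalid interface name: $ifc" >&2
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: two segments on the first two ports of a quad card.
start_sensors de0 de1
```

Giving each instance its own log directory keeps alerts from different segments from being interleaved in one file.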

