no_promisc option

[counter.spy () gmx de]

Short question, easy to answer (I hope):

Can the -p option (disable promisc mode) be used in order to run snort as a
NNIDS?

(NNIDS == Network Node Intrusion Detection System, in my understanding a
host IDS that uses stack-based attack recognition instead of system logs or
application logfiles)

If so, is there a way to install Snort as NNIDS without having to install
libpcap (for *nix) or winpcap (for Windoze boxes)?

The reason for this question is, I am playing around with the idea of using
snort as NNIDS on ISA Server or Exchange Server, but I don't like to have a
promiscuous mode device on a productive server.

Thanks!

Greetings,
D.Liesen

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users