Snort mailing list archives
RE: Snort Topology Configuration
From: "Hutchinson, Andrew" <Andrew.Hutchinson () Vanderbilt edu>
Date: Mon, 24 Jun 2002 15:24:04 -0500
That sounds correct. Spanning requires no special configuration on your snort box - just make sure that you have your $HOME_NET var defined correctly in your config file, and all should be well. If you're using a second port to gather the alerts or access the snort box, you'll also have to use the -i switch when you start snort to specify which interface you're monitoring.

Hope that helps,

Andrew

-----Original Message-----
From: DThomaz () flowserve com [mailto:DThomaz () flowserve com]
Sent: Monday, June 24, 2002 2:15 PM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Snort Topology Configuration

I have setup snort on my local LAN. The snort box is collecting only from my LAN. I want to sniff all packages that came from my WAN in to the LAN using snort. My question is that if I span the Ethernet port of my WAN router to the sniffer port should collect all WAN data coming in the LAN?

Here is my network:

    ethernetport<router>WAN--------------CLOUD
         |
         |
    switch CAT4k
         |
         |
     Snort box

Do I need any special configuration on the snort box to use the span command from the switch?

Thanks for the support,
dthomaz

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Topology Configuration DThomaz (Jun 24)
- <Possible follow-ups>
- Re: Snort Topology Configuration Jon Quiros (Jun 24)
- RE: Snort Topology Configuration McCammon, Keith (Jun 24)
- Re: Snort Topology Configuration Jon Quiros (Jun 24)
- RE: Snort Topology Configuration Hutchinson, Andrew (Jun 24)