Snort mailing list archives

Re: eth0 without ip


From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 03 Feb 2003 20:57:40 -0500

Ahh, given that it's a mirror port, the switch probably forwards packets always and ignores the input link signal.

A lot of hardware won't do that. It will refuse to send unless there's a link-beat coming back in.

At 08:36 PM 2/3/2003 -0500, David Culp wrote:
Thanks for the information ...

The eth1 (Headless) interface is using the "no transmit" cable
to "mirror" the switch port that our public router is connected to.
Other than hardware errors, it seems to be catching all traffic (sent/recv)
that is passing through the router.

Public Switch:
        Port m    <-> ISP Router

        Port  n    <-> Snort eth1 interface (no transmit)

where the switch is set to mirror all traffic (<-> m) to n.

David


