Segmenting Network Parts

["Jan van den Berg" <jan () e-commercepark com>]

Hi there,

 

I have a machine with 2 NICs which I want to use as the sensor. I'm
thinking of doing this by plugging this box into the switch with one NIC
with a read-only cable and/or putting the interface in "stealth" mode
(so without an IP). The other NIC I want to use for the management
console; so this is where the logs go, the mySQL database will be and
stuff as ACID and SnorCenter and is the communication point with the
sensor.

In another email I received this answer about the stealth mode and that
is fine. But this answer raised a couple of other questions though.
First how can I make the sensor not to sniff NIC2? Or say I want to
sniff different VLANs and not the entire traffic stream how do I go
about this? So how do I go about segmenting different network parts off
of the sensor?

 

Regards,


Jan van den Berg