Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort documentation

From: Michael Conlen <meconlen () obfuscated net>
Date: Fri, 23 May 2003 13:59:22 -0400
I'm looking for some documentation, if it's been written on setting up snort between a switch and a host... ...some background.
I've got hosts connected to a switch. Each host is doing something around 40-70Mbit per second. I'd like to setup a snort box between each of these and the switch in such a way that no one knows they are there. My idea is to setup the box with three interfaces (one, two and three). Interface one connects to the switch, interface two connects directly to the host. Interface 3 connects to a network somewhere so I can login. I would like to set it up so that interface 1 and 2 are not configured in the OS for any stacks, and just let snort read packets from interface one and dump them on two, and visa versa, then generate warnings which would get sysloged somewhere through interface three.
I had thought this was possible at some point (years ago) but I didn't see it anywhere in the documentation. Can someone point me in the right direction? 

--
Michael Conlen




-------------------------------------------------------
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: