Snort mailing list archives

Snort on separate machine stealth interface


From: Paolo Meridiani <Paolo.Meridiani () roma1 infn it>
Date: Sat, 7 Jun 2003 06:58:43 +0200 (MET DST)

Hi,
        suppose that you want to run SNORT only to monitor traffic
arriving on a public interface of a single machine (A) in a switched
network, and you want SNORT to run on a separate machine (B) on a stealth
interface (eth1), but I can use neither a TAP nor a spanning port.
What I'd like to do is to send packets to & from eth0 of (A) through its
eth1 attached to an internal hub, where eth1 of (B) is also
attached. What I have in mind is a sort of TAP for eth0 with the Linux
kernel. I've tried with forwarding on (A) but I had no success.

Any suggestions?

Paolo Meridiani



