Snort mailing list archives
Snort on separate machine stealth interface
From: Paolo Meridiani <Paolo.Meridiani () roma1 infn it>
Date: Sat, 7 Jun 2003 06:58:43 +0200 (MET DST)
Hi, suppose that you want to run SNORT only to monitor traffic arriving on a public interface of single machine (A) in a switched netowrk, and you want that SNORT runs on a separate machine (B) on a stealth interface (eth1), but i cannot use neither TAP nor spanning port. What I'd like to do is to send packet to & from eth0 of (A) through its eth1 attached to an internal hub, where also eth1 of (B) is attached. What I have in mind is a sort of TAP for eth0 with linux kernel. I've tried with forwarding on (A) but I hadn't success. Any suggestion? Paolo Meridiani ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort on separate machine stealth interface Paolo Meridiani (Jun 06)