Snort mailing list archives

Re: Quick Question


From: Erick Mechler <emechler () techometer net>
Date: Wed, 9 Apr 2003 11:57:15 -0700

:: I want to IDS sense traffic on the unprotected side of my firewall.
:: If I block traffic to the IP address the SNORT machine is configured as,
:: that should not prevent it from "sniffing" the traffic on the network
:: segment should it?

Snort uses libpcap to capture traffic, so it sits lower on the network 
stack than firewalls.  As such, libpcap will see all traffic before it's 
either allowed or denied by your firewall.

And I'm not picking on you personally, Jim, but FYI this question and
answer can be found in the list archives or on Google with a simple search.  
Be sure to check the available resources before posting to the list!

Cheers - Erick



