Snort mailing list archives
Re: Ethernet Tap
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 13 Aug 2004 13:48:00 -0500
On Fri, 2004-08-13 at 13:31, STEVE MAKOUSKY wrote:
If not is it easy enough to start snort on two nics and log to the same database and handle packet reconstruction that way????
Uhm... no. Who would be doing the reconstruction? Snort isn't, the database isn't. Sorry, if you want to sniff a single data stream on two NICS (split-tap), you would need to configure these NICs in bridge-mode, or somehow else have the OS treat both NICs as a single NIC. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Ethernet Tap STEVE MAKOUSKY (Aug 13)
- Re: Ethernet Tap Frank Knobbe (Aug 13)
- Re: Ethernet Tap Craig Paterson (Aug 13)
- Re: Ethernet Tap Frank Knobbe (Aug 13)
- Re: Ethernet Tap Craig Paterson (Aug 13)
- Re: Ethernet Tap Matt Kettler (Aug 13)
- <Possible follow-ups>
- Re: Ethernet Tap TKaroutsos (Aug 13)
- Re: Ethernet Tap Matt Kettler (Aug 13)
- RE: Ethernet Tap Turnquist,Wayne (Aug 13)
- Message not available
- RE: Ethernet Tap Matt Kettler (Aug 13)
- Message not available
- Re: Ethernet Tap Frank Knobbe (Aug 13)
- Re: Ethernet Tap TKaroutsos (Aug 13)
- Re: Ethernet Tap Matt Kettler (Aug 13)
- Re: Ethernet Tap Bill Parker (Aug 13)