Snort mailing list archives
Re: Multiple instances of snort on one box?
From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Fri, 22 Oct 2004 10:59:13 +0200
Hi, Matt Kettler wrote:
At 03:39 PM 10/21/2004, Drew Stockman wrote:
...
Depends a bit on your OS.. Most linuxes will support -i "any" which will allow a single snort process to sniff all three.. However, your results will be mixed together.
What I mislike on "any" is that it also will be capturing on loopback. So remember to disable the appropriate rules. Unfortunately there issome real traffic on the Internet claiming to be from 127.0.0.1. Since the lo intarface has no MAC there is no to me known possibility to blend
this traffic out. Additionally the promisc mode will not work with "-i any". So beware. Regards, Edin -- Edin Dizdarevic ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Multiple instances of snort on one box? Drew Stockman (Oct 21)
- Message not available
- Re: Multiple instances of snort on one box? Matt Kettler (Oct 21)
- Re: Multiple instances of snort on one box? Edin Dizdarevic (Oct 22)
- Re: Multiple instances of snort on one box? Edin Dizdarevic (Oct 25)
- Re: Multiple instances of snort on one box? Matt Kettler (Oct 21)
- Message not available
- Re: Multiple instances of snort on one box? Nick Hatch (Oct 21)
- <Possible follow-ups>
- Re: Multiple instances of snort on one box? Paul Schmehl (Oct 21)