Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort on multiple interfaces

From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 06 Nov 2004 18:42:38 +0100
El mié, 03 de 11 de 2004 a las 17:38, Jeffries, Michael MJ escribió:

Hi there,

I have a box with 3 interfaces pointing at different networks, I am
running fedora 9.2. How can I get snort to sniff on more than one
interface?

Do I just start two sessions of snort up as follows ?

snort -c /etc/snort/snort.conf -i eth0 &
snort -c /etc/snort/snort.conf -i eth1 &

Or is there a better way to do this?

Thanks a ton
Mike


If you want to listen on all the interfaces you can use "any"
to do it. If you have, let's say, eth0, eth1, eth2, eth3, eth4
and you only want to snort on eth0, eth1 and eth2 you can change
the name of the interfaces with the "ip" command from iproute2
to something like sn0, sn1, sn2 and use the word "sn+", I think
snort can accept it.


-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"



-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88&alloc_id065&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: