Snort mailing list archives

Re: how to configure snort with vlan


From: Russ Starr <russ.starr () gmail com>
Date: Tue, 20 Sep 2005 12:24:52 -0500

My VLAN experience is limited on GNU/Linux, but give this a try.  Use
this to test and make sure you are getting the packets you want.
(This assumes your interface is eth0 and you want to only see vlan 2)

snort -dev -i eth0 vlan 2

The "vlan 2" is a libpcap filter that should allow you to only see the
802.1q tagged messages for VLAN 2.

Try running your three instances of snort using the three VLANs you
are trunking on that port. Let me know if you have any luck.  I am
curious.

-Russ

On 9/13/05, fiorenzi <fiorenzi () tiscali it> wrote:
Hi, my NOC has mirrored 3 VLANs onto the same mirror port of the switch,
and so I have all the traffic mirrored on the same port.

I would like to run a different instance of snort for each VLAN coming from
the same ethernet card. What do I need, and how can I do it? In particular, how
do I tell snort to listen on ethX on VLAN id Y?


Thanks very much

Alessandro Fiorenzi


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
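
What the "vlan 2" filter discussed in this thread selects on, as an added example that is not part of the original messages: the 802.1Q tag sits right after the two MAC addresses, and the VLAN ID is the low 12 bits of its second 16-bit field. VLAN IDs 3 and 4, the helper names, and the frames are constructed for illustration; an untagged frame (for example, from a mirror port that strips tags) matches no per-VLAN filter.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def vlan_id(frame: bytes):
    """Return the VLAN ID of an 802.1Q-tagged Ethernet frame, or None if untagged."""
    if len(frame) < 16:          # need dst(6) + src(6) + TPID(2) + TCI(2)
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        return None              # plain Ethernet: bytes 12-13 are the real EtherType
    return tci & 0x0FFF          # drop the 3 priority bits and the DEI bit


def demux(frames, vlans):
    """Bucket frames per VLAN, the way one sensor per 'vlan N' filter would see them."""
    buckets = {v: [] for v in vlans}
    unmatched = []
    for frame in frames:
        vid = vlan_id(frame)
        if vid in buckets:
            buckets[vid].append(frame)
        else:
            unmatched.append(frame)   # untagged, or tagged for a VLAN nobody watches
    return buckets, unmatched


def build_frame(vid=None, pcp=0, payload=b"\x00" * 46):
    """Construct a sample IPv4-typed Ethernet frame, tagged when vid is given."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload


# Constructed sample traffic: three trunked VLANs plus one untagged frame.
SAMPLE_FRAMES = [
    build_frame(2, pcp=5),   # priority bits set; VLAN ID is still 2
    build_frame(3),
    build_frame(4),
    build_frame(),           # untagged
    build_frame(2),
]

if __name__ == "__main__":
    buckets, unmatched = demux(SAMPLE_FRAMES, [2, 3, 4])
    for vid, seen in buckets.items():
        print(f"vlan {vid}: {len(seen)} frame(s)")
    print(f"matched by no vlan filter: {len(unmatched)}")
```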


