Re: Snort on Windows with one ethernet card

[Frank Knobbe <frank () knobbe us>]

On Wed, 2009-07-22 at 13:45 -0500, Youngquist, Jason R. wrote:
> Ideally, I understand Snort wants two network interface cards – one
> for management, and one for capturing packets.  I have a number of
> Windows servers at remote locations, but they only have 1 interface
> card.  Can Sort for Windows be installed on a Windows server (the
> server would still need an IP so it can function as a file server, AD,
> etc.) and work with just one ethernet card or would I need two?


Snort doesn't want anything. You can run Snort on a system without
network cards, just reading data from a pcap file :)

But yes, normally you configure Snort to analyze traffic on a network
interface. You can install Snort on all of your Windows servers and have
the Snort instances monitor that single card in the Windows server.
Those network cards obviously have an IP address. What Snort will see is
all traffic coming from or going to that server it's sitting on.

Regards,
Frank


-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

Attachment: signature.asc
Description: This is a digitally signed message part

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users