Re: Question about Inline mode

[Michael Altizer <maltizer () sourcefire com>]

On 12/04/2011 09:36 PM, Albert E. Whale wrote:
> When using either NFQ or the DAQ modules, are the interfaces bonded 
> together?  I completely understand that the Management interface is 
> assigned an IP Address, a gateway and a network (subnet mask).
>
> What happens to the two interfaces used in inline mode?  If I place 
> the sensor inline, are the interfaces numbered?  DO I need to fully 
> provide networking (routing) between the interfaces?
With the AFPacket DAQ module, the interfaces just need to be configured 
as "up" (ifconfig ethX up).  The module opens the interfaces in 
promiscuous mode and will forward all packets received on each interface 
that are not blocked by the reader out the other.  No further setup is 
required.

If I recall correctly, the PFRing module works in much the same fashion.

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!