Re: Barnyard2 and AFPACKET

[PS <packetstack () gmail com>]

It's not really a necessity for me, but I wanted to know if it was possible. Doing some searches online didn't lead to 
much. Thanks!

On Feb 6, 2012, at 2:33 PM, beenph wrote:

> On Mon, Feb 6, 2012 at 2:05 PM, PS <packetstack () gmail com> wrote:
> > Hello,
> >
> > I would like to know how set the "config interface" option in the barnyard2.conf file when using Snort and AFPACKET
> > if it is possible. Is it possible to configure the file so that it can differentiate which interface the alert fired 
> > off on? I am
> > currently using interfaces eth0:eth1.
> >
> > Thanks!
>
> As far as i know, unified2 does not contain the information about the
> interface wich the event has been triggered from.
> I guess you could technically determine this by the source_ip
> destination_ip and the related sid and gid which would give you
> information on the flow of the event.
>
> -elz


------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!