Snort mailing list archives

Re: Monitoring Multiple Subnets


From: "Seth Dunn" <seth () d2ms com>
Date: Mon, 13 May 2013 11:16:37 -0400

For what I did....I don't have quite the same setup as you, but I needed
to monitor multiple LANs.
10.75.x.x/24 and 10.76.x.x/24

I am using a Cisco switch for my networks.
I set up SPAN on my switch, RSPAN is also available, to copy traffic
from two ports in which inbound/outbound traffic flows for these
LANs.....and set up the destination port for the port that my Snort box
is listening on.

Then as someone noted, in your snort.conf file you need to make sure
these two networks are part of your $HOME variable.

From: Shaun Marlin [mailto:shaun.marlin () canalta com] 
Sent: Monday, May 13, 2013 11:04 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Monitoring Multiple Subnets

 

I am building a SNORT box to monitor my network.  I have 2 ISPs.  Is it
possible to have the 2 ISPs connect into an unmanaged switch, then have
SNORT configured with an IP from each block that I have, and finally
pass the traffic back onto the switch that goes into my network?

Sorry for the run-on question there.

Essentially I am looking for something like this:

[Diagram not preserved in the archive. Surviving labels: ISP 1, Router 1, ISP 2, Router 2, SNORT, Unmanaged Switch, Internal Network]

SNORT would end up monitoring 3 different subnets.  For instance
1.1.1.0/27 2.2.2.0/27 and 3.3.3.0/29.

Does anyone see a reason why this would not work?

 

Shaun Marlin
Network Administrator

 
Canalta Family of Companies

2109 - 545 Highway 10 East 
Drumheller AB Canada T0J 0Y0
PHONE: (403) 820-3865
CELL:     (403) 334-1313  

EMAIL:   shaun.marlin () canalta com
WEB:      www.canalta.com
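
A check for the point made in the reply above, that every network mirrored to the sensor has to be listed in snort.conf (Snort's variable for this is `HOME_NET`). This is an added example, not code from the thread: the snort.conf excerpt is constructed, the function names `parse_home_net` and `uncovered` are hypothetical, and the subnets are the illustrative ones from the original question.

```python
import ipaddress
import re

# Constructed snort.conf excerpt; subnets are the illustrative ones from the question.
SAMPLE_CONF = """\
# Set up the network addresses you are protecting
ipvar HOME_NET [1.1.1.0/27,2.2.2.0/27]
ipvar EXTERNAL_NET !$HOME_NET
"""

def parse_home_net(conf_text):
    """Return the networks named on the 'ipvar HOME_NET' / 'var HOME_NET' line."""
    for line in conf_text.splitlines():
        m = re.match(r"\s*(?:ipvar|var)\s+HOME_NET\s+(\S.*?)\s*$", line)
        if not m:
            continue
        value = m.group(1)
        if value.lower() == "any":
            return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        nets = []
        for item in value.strip("[]").split(","):
            item = item.strip()
            if not item:
                continue
            if item.startswith(("!", "$", "[")):
                # Negations, variable references and nested lists need manual review.
                raise ValueError(f"unsupported HOME_NET entry: {item}")
            nets.append(ipaddress.ip_network(item, strict=False))
        return nets
    raise ValueError("no HOME_NET definition found")

def uncovered(conf_text, monitored):
    """Return the monitored subnets that no HOME_NET entry contains."""
    home = parse_home_net(conf_text)
    missing = []
    for cidr in monitored:
        net = ipaddress.ip_network(cidr)
        if not any(net.version == h.version and net.subnet_of(h) for h in home):
            missing.append(cidr)
    return missing

if __name__ == "__main__":
    spanned = ["1.1.1.0/27", "2.2.2.0/27", "3.3.3.0/29"]
    for cidr in uncovered(SAMPLE_CONF, spanned):
        print(f"{cidr} is mirrored to the sensor but missing from HOME_NET")
```

Entries the parser cannot evaluate (negations, `$VAR` references, nested lists) raise an error instead of being treated as covered.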

 

        
        

 
