Re: Mirroring port

[waldo kitty <wkitty42 () windstream net>]

On 7/18/2013 09:42, Abid Ayoub wrote:
> Hello
>
> I want to manage my small network. i have coonected snort to the mirror port of
> the switch .
> For the sniff , ok . But when i want tio block a  traffic like tcp traffic,  i
> can not.
> is there a solution for that?

yes... what you want is IPS (or inline mode) and not just a (hidden) IDS 
sniffer... that means at least two ports on the snort box with traffic entering 
on one port, traversing thru snort and then out the other port...

uncle google found the following with a search for "snort IPS inline how"

https://www.ibm.com/developerworks/community/blogs/58e72888-6340-46ac-b488-d31aa4058e9c/entry/august_8_2012_12_01_pm6?lang=en

or shortened

http://tinyurl.com/o2cjhdp

> Can i sniff from an interface (eth0) and apply instruction from another
> interface (eth1)?

there is that possibility as well... the other interface is known as an admin 
interface, IIRC... in IPS inline mode, you would have three ports in your snort 
box...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!