Snort mailing list archives
AF_Packet module
From: "Long, Kerry S" <kslong () mitre org>
Date: Fri, 28 Feb 2014 18:54:33 +0000
I am experimenting with AF_Packet DAQ module. Fully understand it is intended to be used to provide an inline FW capability/IPS. What I was wondering is if it is possible to get AF_PACKET to forward the same traffic it saw on one interface to another interface so a program like Wireshark could sniff from the second interface and see all the traffic that was being seen by the first interface? So if I use the command: /usr/bin/snort --daq afpacket --daq-dir /lib/daq --daq-var buffer_size_mb=500 -i p10p1:p10p2 -c /etc/snort/snort.conf It is possible to sniff the second interface by using tcpdump -I p10p2 and see all the traffic on p10p1. Is there a way to do this with Snort I am unaware of? Thanks, Kerry
------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- AF_Packet module Long, Kerry S (Feb 28)