[Snort-sigs] multiple interfaces

Jason security at ...704...
Wed May 19 19:56:01 EDT 2004


to watch all interfaces

snort -i any

to selectively ignore a specific interface

snort -i any not ether dst [MAC address]

Eg: snort -i any not ether dst 00:D0:B7:92:4A:53

to selectively ignore multiple interfaces

snort -i any not ether dst [MAC address] and not ether dst [MAC address]

This will have the side effect of causing snort to not see any attacks 
targeted at the interface[s] you are ignoring, this is something you 
need to evaluate.



Kimberly Ho wrote:

> Hey all,
> 
> I've been trying to see if there was a way around snort 2.1.2, and why 
> it does not support multiple interfaces.   Snort 2.1.0 does however. But 
> in any case, is there a way to specify multiple interfaces, or even 
> negate one interface out of 10. We tried to modify the snort.conf file 
> and specified the interface to look for, but it did not like that.  
> Tried generally most things that are available online.  Any ideas?
> 
> Thanks again!
> Kim
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g. 
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> 





More information about the Snort-sigs mailing list