[Snort-users] Snort + network aliases

Dragos Ruiu dr at ...50...
Wed Aug 2 06:36:19 EDT 2000


Snort will put the interface into promiscuous mode and listen for all
IPs unless you specify filters.  You shouldn't need two instances of
snort connected to the same physical interface no matter how many
virtual IPs you give that I/F; one instance will work for all.

Home Net should be the aggregate of all the IPs of all hosts 
you want snort to watch.

cheers,
--dr

On Wed, 02 Aug 2000, Przemek Bak wrote:
> I have linux with one network card and two aliases:
> eth0:  192.168.x.x
> eth0:1 <internet ip>
> 
> I want snort to listen on both ip addresses. In fact, I want
> snort to listen to everything. Should I run two snort instances,
> one listening on 192.168.x.x and another on <internet ip>?
> Or can I force snort somehow to listen on both addresses?
> In the second case, what should home-net contain?
> 
> Maybe listening on 192.168.x.x is enough?
> 
> przemol
> 
-- 
dursec.com ltd. / kyx.net - we're from the future    http://www.dursec.com
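
Added example, not part of the original message or of Snort itself: one way to build the single aggregate HOME_NET described in the reply from the addresses of every host and alias to be watched. The sample addresses are constructed, and the `ipvar HOME_NET [...]` line assumes Snort 2.x IP-list syntax.

```python
import ipaddress

# Constructed sample: addresses (with prefix length) of the hosts and
# interface aliases the single Snort instance should treat as "home".
SAMPLE = [
    "192.168.1.10/24",   # private address on the primary interface
    "192.168.1.200/24",  # second host on the same subnet (duplicate network)
    "192.168.0.7/24",    # adjacent subnet, merges with the one above
    "203.0.113.5/32",    # stand-in for the public alias address
]


def aggregate(addresses):
    """Return the smallest list of networks covering every given address."""
    nets = [ipaddress.ip_interface(a).network for a in addresses]
    merged = []
    # collapse_addresses() rejects mixed IPv4/IPv6 input, so group by version.
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged


def home_net_line(addresses, keyword="ipvar"):
    """Format the aggregate as one HOME_NET definition (assumed Snort 2.x syntax)."""
    nets = aggregate(addresses)
    if not nets:
        # An empty list would silently leave nothing classified as "home".
        raise ValueError("no addresses given; refusing to emit an empty HOME_NET")
    return f"{keyword} HOME_NET [{','.join(str(n) for n in nets)}]"


def in_home_net(ip, addresses):
    """Check whether a single IP falls inside the aggregated HOME_NET."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in aggregate(addresses) if n.version == addr.version)


if __name__ == "__main__":
    print(home_net_line(SAMPLE))
    for probe in ("192.168.1.77", "203.0.113.5", "198.51.100.1"):
        print(probe, "home" if in_home_net(probe, SAMPLE) else "external")
```

Running `in_home_net` over every address you expect to be monitored is a quick check that the aggregate did not miss an alias before the sensor is restarted.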



