[Snort-users] Snort + network aliases
dr at ...50...
Wed Aug 2 06:36:19 EDT 2000
Snort will put the interface into promiscuous mode and listen for all
IPs unless you specify filters. You shouldn't need two instances of
snort connected to the same physical interface no matter how may
virtual IPs you give that I/F, one instance will work for all.
Home Net should be the aggregate of all the IPs of all hosts
you want snort to watch.
On Wed, 02 Aug 2000, Przemek Bak wrote:
> I have linux with one network card and two aliases:
> eth0: 192.168.x.x
> etho:1 <internet ip>
> I want snort to listen on both ip adresses. In fact, I want
> snort to listen everything. Should I run two snort instances,
> one listen on 192.168.x.x and another on <internet ip> ?
> Or I can force snort somehow to listen on both adressess.
> In the second case, what should home-net contain ?
> Maybe listening on 192.168.x.x is enough ?
dursec.com ltd. / kyx.net - we're from the future http://www.dursec.com
More information about the Snort-users