[Snort-users] Multi nic host?

Steve Shockley Steve.Shockley at ...378...
Thu Sep 7 14:42:21 EDT 2000


One problem you may run into here is that your switch doesn't route by IP
address, it routes by hardware (MAC) address.  A possible solution here
would be to run without IP addresses on at least three of them.

In my configuration, my entire network is switched, so it's unfeasible to
monitor the entire network.  I'm mostly concerned with traffic going in and
out of the firewall and over the frame-relay link to our global offices
(which I don't control).  So, I set up a small hub (repeater, not switch)
with four machines plugged into it; the firewall's Inside port, the FR
router, the IDS machine, and the switches.  That way the IDS sees all the
traffic going in or out of my office.


-----Original Message-----

Hello Group

Most likely a silly question but here goe's.  Can snort support a multi nic
machine? Lets say I have a private network 10.1.1.0 over four 24 port hubs
all connected by one switch..  Because the switch does some routing I can
not just plug into the switch a catch all the traffic.  What if I had a
machine with four nics, one for each hub,  for example nic 1 10.1.1.11, nic
2 10.1.1.12 and so on..  Then set
-h 10.1.1.0/24.  Would snort analyze all the traffic on each NIC?

TIA
Chris N.


-----BEGIN PGP PUBLIC KEY BLOCK-----
mQCNAzkcTLAAAAEEAKbYBHYDzkMbBwJ9Vkx3vDDpYFJ1M8QXepNflcIRhsRsQm3i
fVrpXT1kSMlJoAnvrDKHdQdnw2CD0uuSOsJevySBBkjGJtL0xPTm7vLeIZcllvtN
B++NOeZgZaTtUVo0BHIIMu0IwLE0UtlM0MSTaScXBjPKgBELLTF8ni28kkNrAAUR
tDdDaHJpc3RvcGhlciBDLiBOb3J0aHJvcCA8Y2hyaXMubm9ydGhyb3BAcG8uc3Rh
dGUuY3QudXM+iQCVAwUQORxMsDF8ni28kkNrAQEpygP9Fl4PSg9SEirG//8suHJJ
L9f+RrCEIO3MtrwXLK2/ap8N8u3CsfyWSLSZ8bf6N6MXu41jQ6cSQvN/7yvGdNY/
/2f5S3AfZQX+0Sc9exGm0owb1+FphS0zoZNh0ArYijtGbV/P4LslfEz4nL8rqxep
8Q1EQb3b/Pu6eiPsKEqbs1c=
=hDo/
-----END PGP PUBLIC KEY BLOCK-----

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users



More information about the Snort-users mailing list