[Snort-users] combination of snort & ipchains

Jason Haar Jason.Haar at ...294...
Wed Jan 17 14:57:46 EST 2001


On Wed, Jan 17, 2001 at 09:00:28AM +0200, Langa Kentane wrote:
> If, to remedy this problem, I install another network adaptor and not give
> it an IP and have snort listening on this adapter and have it connected to
> the segment where I want to do the packet capture, will this work?

Yes. That's assuming that "segment" means a non-switched hub, or a switch
where you can choose a management port on which all other ports traffic is
duplicated.

I'm doing that here at the moment on my test snort box. One card for my
workstation traffic, and the other into a monitoring 100M hub on which
"interesting" LAN traffic has been rewired to travel over. :-)

Bloody marvelous :-) 


-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417




More information about the Snort-users mailing list