[Snort-users] -i switch

Matthew Francis mf at ...2811...
Mon Sep 24 06:16:02 EDT 2001


Hi,

Out of interest is it possible to use the -i switch in Snort to tell it to
monitor a modem within Windows 2000.  If so what would the command be???

Thanks.

Matt.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Chris
Keladis
Sent: 24 September 2001 13:44
To: DJDave Sobel
Cc: 'Erek Adams'; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Configuration issue, Part II


DJDave Sobel wrote:

Hi Dave,


> How do you specify which interface to use?

The -i switch to snort.


> And of more importance to me, how do you specify binding to multiple
> interfaces?  I'd like it to be watching traffic to all the internal
> networks, not just one... (that way, I can see what ipchains missed..)

This is in the Snort FAQ, but if you run a Linux 2.4 kernel and a
special patch to Snort, and specify '-i any' Snort will monitor all
interfaces (not certain if this patch has found it's way into mainstream
Snort?)

Failing that you can do as i have done and run a Snort instance on each
interface. It works quite well especially if you use Demarc, since each
Snort instance counts as a seperate sensor.

I used the -I switch to make Snort list the interfaces in the ASCII
alerts to make it easier to visualise where a packet came from.

Visit the FAQ at www.snort.org for more specific details.




Regards,

Chris.

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list