[Snort-users] -i switch
mf at ...2811...
Mon Sep 24 06:16:02 EDT 2001
Out of interest, is it possible to use the -i switch in Snort to tell it to
monitor a modem within Windows 2000? If so, what would the command be?
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Chris
Sent: 24 September 2001 13:44
To: DJDave Sobel
Cc: 'Erek Adams'; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Configuration issue, Part II
DJDave Sobel wrote:
> How do you specify which interface to use?
The -i switch to snort.
> And of more importance to me, how do you specify binding to multiple
> interfaces? I'd like it to be watching traffic to all the internal
> networks, not just one... (that way, I can see what ipchains missed..)
This is in the Snort FAQ, but if you run a Linux 2.4 kernel and a
special patch to Snort, and specify '-i any' Snort will monitor all
interfaces (not certain if this patch has found its way into mainstream
Failing that you can do as I have done and run a Snort instance on each
interface. It works quite well, especially if you use Demarc, since each
Snort instance counts as a separate sensor.
I used the -I switch to make Snort list the interfaces in the ASCII
alerts to make it easier to visualise where a packet came from.
Visit the FAQ at www.snort.org for more specific details.