[Snort-users] Configuration issue, Part II

Erek Adams erek at ...577...
Mon Sep 24 06:35:03 EDT 2001


On Mon, 24 Sep 2001, Greg Sarsons wrote:

> Okay I've got snort running collecting a big binary dump file and not
> doing anything else but it is on a machine running iptables (the dump
> file will be looked at latter on another machine).  So is it the case
> that much of the traffic will be killed by iptables even if snort is
> running in promiscuous mode?

Yes.

> Does that mean that I have to take down my iptables firewall to collect
> everything?

Yes.  To make it simpler, put snort on a box by itself.  Set it outside your
firewall with a recieve only cable and no IP on the interface.  All will be
good.  :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list