[Snort-users] Using Snort with a virtual ethernet device (tap0)

Arjan van Leeuwen avleeuwen at ...4962...
Wed Feb 13 04:22:09 EST 2002

I'm trying to setup Snort on my FreeBSD firewall system, and have it listening on a virtual ethernet connection. The virtual ethernet connection is tap0 with ip address (see http://vtun.sourceforge.net/tun/ for more info). I use IPFilter as a firewall - it duplicates blocked packets to tap0 for further processing, so that snort can read it. Or that's what I tought.

If I run snort in verbose mode on the tap0 interface (snort -v -i tap0), not a single packet passes tap0. Even when I'm ssh-ing from the machine itself to address, nothing appears. Does someone have even a remote idea of what's happening here? I've been puzzling for quite some time now...


More information about the Snort-users mailing list