[Snort-users] Using Snort with a virtual ethernet device (tap0)
Arjan van Leeuwen
avleeuwen at ...4962...
Wed Feb 13 04:22:09 EST 2002
I'm trying to setup Snort on my FreeBSD firewall system, and have it listening on a virtual ethernet connection. The virtual ethernet connection is tap0 with ip address 192.168.0.1 (see http://vtun.sourceforge.net/tun/ for more info). I use IPFilter as a firewall - it duplicates blocked packets to tap0 for further processing, so that snort can read it. Or that's what I tought.
If I run snort in verbose mode on the tap0 interface (snort -v -i tap0), not a single packet passes tap0. Even when I'm ssh-ing from the machine itself to address 192.168.0.1, nothing appears. Does someone have even a remote idea of what's happening here? I've been puzzling for quite some time now...
More information about the Snort-users