[Snort-users] flex response and cisco span ports

Greg Herlein gherlein at ...3379...
Wed Jan 2 10:20:02 EST 2002


> So I guess my question is this.. Can I make the sensor send it's
> flex-response packets out the 'mgmt' port instead?  Surely there are other
> people with an environment like this [snort, cisco catalyst switches,
> flex-response] .. What's everyone else doing?

I suspect that you can fix this by making sure that your routing
configuration is set so that packets are routed out the
"management" interface.  I'd configure that eth to be the default
anyway, and have the second interface (eth1 or whatever) be the
snort port.  Then the response packets ought to go out as
expected.  

I think.  YRMV.

Greg





More information about the Snort-users mailing list