[Snort-users] snort setup

Demetri Mouratis dmourati at ...3877...
Fri Jul 12 08:52:10 EDT 2002


On Fri, 12 Jul 2002, Alwin Raymundo wrote:

> Hi all,
>
> Here is my another naive question.  I want to put my
> snort box in front of my switch because my swith is
> not capable of port mirroring.
>
> internet -> cisco router -> snort box -> switch ->
> servers
>
> My future setup on snort box (redhat 7.3, snort -mysql
> and 2 nic cards).
>
> here now the question about the 2 nic what should I
> used ip address to these 2 nic cards, should it be 2
> public ip address? or 1 public IP address and 1
> network address.
>
> any help would be highly appreciated.
>
> Thanks in advance, brother in snort.

Totally up to you and how you want to handle your routing.  Just make sure
the packets reach the snort box.

You could also achieve the same result by placing a hub between the Cisco
and the switch, and hanging snort off the hub.  That way, you could leave
all the IPs on your router and switch the same.  Read the FAQ regarding
taps, configuring snort without an IP, etc.

Good luck.

---------------------------------------------------------------------
Demetri Mouratis
dmourati at ...3878...





More information about the Snort-users mailing list