[Snort-users] Snort Topology Configuration

Hutchinson, Andrew Andrew.Hutchinson at ...3639...
Mon Jun 24 13:25:06 EDT 2002

That sounds correct.  Spanning requires no special configuration on your
snort box - just make sure that you have your $HOME_NET var defined
correctly in your config file, and all should be well.  If you're using
a second port to gather the alerts or access the snort box, you'll also
have to use the -i switch  when you start snort to specify which
interface you're monitoring.

Hope that helps,


-----Original Message-----
From: DThomaz at ...6151... [mailto:DThomaz at ...6151...] 
Sent: Monday, June 24, 2002 2:15 PM
To: Snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort Topology Configuration

I have setup snort on my local LAN. The snort box is collecting only
from my LAN. I want to sniff all packages that came from my WAN in to
the LAN using snort. My question is that if I span the Ethernet port of
my WAN router to the sniffer port should collect all  WAN data coming in
the LAN? Here is my network:

     switch CAT4k
     Snort box

Do I need any special configuration on the snort box to use the span
command from the switch?

Thanks for the support,


Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list