[Snort-users] Snort in a switched environment
Justin M. Parker
bluesman at ...5852...
Tue May 14 08:39:11 EDT 2002
On Tue, 14 May 2002, Bastian Ballmann wrote:
> Hello! Is it possible to run Snort in a switched environment? Because
> Snort can only sniff the traffic of the host it is running on. Unless
> it is doing something like ARP poisoning or something like this... But
> I think this would lead to trouble if you run the arpspoof
> preprocessor ;) Greets
It would probably benefit you in this case if you ran Demarc and ACID or
such, where you can have a snort server on each machine that is monitored.
Demarc will let you add several snort "clients" and watch them from a main
interface. Not sure about the ARP spoof stuff.
Hope this helps,
Justin M. Parker
Systems Administrator
Pneumatek, Inc.
(417)264-4800
http://www.pneumatek.com
http://www.thetekshop.com