[Snort-users] Sniffing a virtual VPN interface?

Laleem laleem at ...1050...
Mon Nov 4 13:57:07 EST 2002


I have an ADSL modem and my access provider requires that I connect to the 
modem using PPTP. I can use a Linux firewall to connect to the modem. The 
public IP address on the firewall is the address of the tunnel. There is no 
point in letting Snort snif between the modem and the firewall, because of 
the encryption.

I could snif behind the firewall, but then I would see only see the traffic 
from and to internal hosts and not the traffic that is stopped by the firewall.

For educational purposes I would like to see *all traffic*. Is it possible 
to install Snort on the firewall and snif the virtual VPN interface?

Alternatively, does anyone know of an ADSL router that will forward *all* 
traffic it receives on it's public IP address to an inside IP address? Just 
setting port address translation for a few ports won't do.

I really only have one public IP address.

Thanks in Advance,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20021104/d7477bde/attachment.html>

More information about the Snort-users mailing list