[Snort-users] Quick Question

McBurnett, Jim jmcburnett at ...4394...
Wed Apr 9 11:30:04 EDT 2003


Hello all-- 
I want to IDS sense traffic on the unprotected 
side of my firewall.
If I block traffic to the IP address the SNORT 
machine is configured as,
that should not prevent it from "sniffing" the 
traffic on the network segment should it?

Assume the following:
Win XP or Red Hat OS loaded.
In switched ethernet environment with Port mirroring 
setup to pass all traffic to the port of the SNORT box..

Thoughts? ideas?

Thanks,
J







More information about the Snort-users mailing list