[Snort-users] Quick Question
jmcburnett at ...4394...
Wed Apr 9 11:30:04 EDT 2003
I want to IDS sense traffic on the unprotected
side of my firewall.
If I block traffic to the IP address the SNORT
machine is configured as,
that should not prevent it from "sniffing" the
traffic on the network segment should it?
Assume the following:
Win XP or Red Hat OS loaded.
In switched ethernet environment with Port mirroring
setup to pass all traffic to the port of the SNORT box..
More information about the Snort-users