[Snort-users] Quick Question

McBurnett, Jim jmcburnett at ...4394...
Wed Apr 9 11:30:04 EDT 2003

Hello all-- 
I want to IDS sense traffic on the unprotected 
side of my firewall.
If I block traffic to the IP address the SNORT 
machine is configured as,
that should not prevent it from "sniffing" the 
traffic on the network segment should it?

Assume the following:
Win XP or Red Hat OS loaded.
In switched ethernet environment with Port mirroring 
setup to pass all traffic to the port of the SNORT box..

Thoughts? ideas?


More information about the Snort-users mailing list