[Snort-users] BPF Alternative for PPPOE?

Richard A. Burman III Richard.Burman at ...9592...
Tue Jul 1 08:31:24 EDT 2003


Thanks for the reply.  I am tapping a link between an Alcatel SpeedTouch
(standard Ethernet) and an external interface of a Firewall (Standard
Ethernet).  I do not have the ability to drop a sensor on the interface of
the firewall.  It is a linux based firewall, (Astaro), but it would not be a
supported process (something I would have a customer do).  I am using a very
good tap btw, a NetOptics.    

Richard A. Burman III
Cinagen, Inc.



-----Original Message-----
From: Chris Green [mailto:cmg at ...1935...] 
Sent: Tuesday, July 01, 2003 9:05 AM
To: richard.burman at ...9592...
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] BPF Alternative for PPPOE?

"Richard A. Burman III" <Richard.Burman at ...9592...> writes:

> Sorry to ramble, but I wanted to be as specific as possible and hope that
> someone might have a suggestion as to what I can do.  I tried just for
grins
> to see if snort treated the bpf any different than tcpdump did, but did
not
> seem to have any success (with PPPOE).  In the meantime, I will read-up a
> little more on excluding hosts in the snort.conf file and welcome any
> suggestions. 

Does PPPoE create any other devices that can be used for sniffing
rather than the raw etherent device?
-- 
Chris Green <cmg at ...1935...>
You now have 14 minutes to reach minimum safe distance.






More information about the Snort-users mailing list