[Snort-users] Snort on separate machine stealth interface

Paolo Meridiani Paolo.Meridiani at ...9399...
Fri Jun 6 21:59:04 EDT 2003

	suppose that you want to run SNORT only to monitor traffic
arriving on a public interface of single machine  (A) in a switched
you want that SNORT runs on a separate machine (B) on a stealth interface 
(eth1), but i cannot use neither TAP nor spanning port.
What I'd like to do is to send packet to & from eth0 of (A) through its
eth1 attached to an internal hub, where also eth1 of (B) is
attached. What I have in mind is a sort of TAP for eth0 with linux 
kernel. I've tried with forwarding on (A) but I hadn't success.

Any suggestion?

Paolo Meridiani

More information about the Snort-users mailing list