[Snort-users] Snort on separate machine stealth interface
Paolo.Meridiani at ...9399...
Fri Jun 6 21:59:04 EDT 2003
suppose that you want to run SNORT only to monitor traffic
arriving on a public interface of single machine (A) in a switched
you want that SNORT runs on a separate machine (B) on a stealth interface
(eth1), but i cannot use neither TAP nor spanning port.
What I'd like to do is to send packet to & from eth0 of (A) through its
eth1 attached to an internal hub, where also eth1 of (B) is
attached. What I have in mind is a sort of TAP for eth0 with linux
kernel. I've tried with forwarding on (A) but I hadn't success.
More information about the Snort-users