[Snort-users] What NICs are people using?

JP Vossen vossenjp at ...8683...
Sat May 3 12:24:49 EDT 2003


> From: "Gordon Cunningham" <gcunnin2 at ...163...>
> To: <snort-users at lists.sourceforge.net>
> Date: Fri, 2 May 2003 12:47:37 -0400
> Subject: [Snort-users] What NICs are people using?
>
> Situation:  RedHat (choice of version, 7.3+), snort, multiple segments to
> monitor (up to 4), barnyard, MySQL, Webmin, etc.

I assume you know about the end of life of RedHat < 9 at the end of 2003.


> RedHat says the use of multiple same-chipset Intel Pro100 NICs won't work
> due to a bug in the driver. I need to find a solution to support up to 4
> sniffing promiscuous Ethernet ports - 2 dual-port NICs or single 4-port?
>
> Q:  What brand/model of multiple NICs are you using to support sniffing up
> to 4 segments (5th separate NIC for management interface) on RedHat systems?

I have a Zynx ZX340Q quad card [1] that I WILL be using in this way, I'm just
not done yet.  But it came up without a hitch with both RedHat 8.0 and
Mandrake MNF (testing) [0] using the tulip drivers.  I'm told this is the same
card that Nokia used to charge ~ $2K (USD) for in their IPSO boxes...  I got
it on EBay for < $90.  Search EBay for Zynx then look for quad cards.

I have had a problem with it when trying to use crossover cables, but I'm not
sure where the fault is yet.  The other end of the cable was a Win2K box with
an Intel 8255x card and I think they just didn't auto-negotiate right.


> Q:  Do the dual- or multi-port NICs work?

If the OS can run 'em, Snort can use 'em.  But you will have to mess around
with startup scripts to run several instances of Snort concurrently.  (Someone
correct me if I'm wrong, but that's my understanding.)


> Q:  Should I move to another OS?

Hell no! :-)  Linux or xxxBSD seem to be quite popular choices.  Snort runs on
Windows and some people like it, but I wouldn't recommend it.


> Loved this so much I ripped it:  "The software said it requires Windows 98
> or better, so I installed Linux..."

;-)  Thanks.  I stole if from someplace years and years ago.

Later,
JP

[0] http://www.mandrakesoft.com/products/mnf
[1] http://www.znyx.com/products/hardware/zx340q.htm
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|                jp at ...8684...
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
"The software said it requires Windows 98 or better, so I installed
Linux..."





More information about the Snort-users mailing list