[Snort-users] Snort documentation

Michael Conlen meconlen at ...9275...
Fri May 23 11:01:07 EDT 2003


I'm looking for some documentation, if it's been written on setting up 
snort between a switch and a host... ...some background.

I've got hosts connected to a switch. Each host is doing something 
around 40-70Mbit per second. I'd like to setup a snort box between each 
of these and the switch in such a way that no one knows they are there. 
My idea is to setup the box with three interfaces (one, two and three). 
Interface one connects to the switch, interface two connects directly to 
the host. Interface 3 connects to a network somewhere so I can login. I 
would like to set it up so that interface 1 and 2 are not configured in 
the OS for any stacks, and just let snort read packets from interface 
one and dump them on two, and visa versa, then generate warnings which 
would get sysloged somewhere through interface three.

I had thought this was possible at some point (years ago) but I didn't 
see it anywhere in the documentation. Can someone point me in the right 
direction?

--
Michael Conlen






More information about the Snort-users mailing list