[Snort-users] Snort documentation
meconlen at ...9275...
Fri May 23 11:01:07 EDT 2003
I'm looking for some documentation, if it's been written on setting up
snort between a switch and a host... ...some background.
I've got hosts connected to a switch. Each host is doing something
around 40-70Mbit per second. I'd like to setup a snort box between each
of these and the switch in such a way that no one knows they are there.
My idea is to setup the box with three interfaces (one, two and three).
Interface one connects to the switch, interface two connects directly to
the host. Interface 3 connects to a network somewhere so I can login. I
would like to set it up so that interface 1 and 2 are not configured in
the OS for any stacks, and just let snort read packets from interface
one and dump them on two, and visa versa, then generate warnings which
would get sysloged somewhere through interface three.
I had thought this was possible at some point (years ago) but I didn't
see it anywhere in the documentation. Can someone point me in the right
More information about the Snort-users