[Snort-users] Snort startup with multiple interfaces

Douglas Hart douglas at ...6435...
Thu Sep 11 04:28:02 EDT 2003


Not sure about FreeBSD, but you can do this on OpenBSD by configuring 
NIC 1 and 2 as bridge interfaces (learn and discover disabled).  Snort 
can then listen to the combined TX/RX traffic on the logical bridge0 
interface.

Rgds,

Doug

Jade E. Deane wrote the following on 11/09/2003 02:53:
> How about a FreeBSD machine being used as a sensor, where the ingress
> and egress traffic comes in mirrored on different interfaces.
> 
> I have a physical Ethernet tap that takes TX traffic to NIC 1, and RX
> traffic to NIC 2.  I run separate snort instances for each.... to me,
> this is, well, stupid.
> 
> There must be a better way, or a method of combining the TX/RX data to
> one logical interface, in lieu of using a switch SPAN or mirror port.
> 
> Regards,
> Jade
> 
> On Wed, 2003-09-10 at 11:12, J.Mann wrote:
> 
>>>Since I have 4 eth commands there, will Snort take them all and listen
>>>on each interface? 
>>
>>This is mentioned in the FAQ:
>>
>>  http://www.snort.org/docs/faq.html#3.4
>>
>>Regards,
>>Jon Mann
>>
>>
>>On Wed, Sep 10, 2003 at 11:11:28AM -0400, Frye, Dan wrote:
>>
>>>I'm running Snort 2.01 on linux. I'm using the command line:
>>>
>>>/app/snort/bin/snort -U -d -D -c -o /app/snort/snort.conf -i eth0 -i
>>>eth1 -i eth3 -i eth4
>>>
>>>Since I have 4 eth commands there, will Snort take them all and listen
>>>on each interface? I don't have my taps yet so I can't test it, but am
>>>hoping someone can confirm or deny this config. Thanks.
>>> 
>>>d
>>>
>>>
>>>