[Snort-users] Multiple instances of snort on one box?

Edin Dizdarevic edin.dizdarevic at ...7509...
Mon Oct 25 08:50:13 EDT 2004


I received an error so I send this again...

##########
Hi,

Matt Kettler wrote:

> At 03:39 PM 10/21/2004, Drew Stockman wrote:

...
> 
> Depends a bit on your OS.. Most linuxes will support -i "any" which will 
> allow a single snort process to sniff all three.. However, your results 
> will be mixed together.

What I mislike on "any" is that it also will be capturing on loopback.
So remember to disable the appropriate rules. Unfortunately there is
some real traffic on the Internet claiming to be from 127.0.0.1. Since
the lo intarface has no MAC there is no to me known possibility to blend
this traffic out.

Additionally the promisc mode will not work with "-i any".

So beware.

Regards,
Edin


-- 
Edin Dizdarevic


-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list