[Snort-users] Bonding or bridging two subnets

barryab63-ia at ...131... barryab63-ia at ...131...
Wed Dec 28 04:07:04 EST 2005

First, lets try to head something off before it gets started.  It's not a good idea to post the same question twice, especially within minutes of each other.  This is a free support and it can take time to get answers.  Some people get very irritated about this.
I don't think you'll want to bond or bridge the two interfaces in the case you describe.  I think you'll want to run multiple instances of snort, one for each of the two interfaces you want to monitor.  If you installed via RPM on SUSE I think you can do this by changing the settings in the /etc/sysconfig/snort file.  You just tell it which interfaces you want snort to monitor and it pretty much takes care of everything for you.

----- Original Message ----
From: R. Welz <welz at ...13668...>
To: snort-users at lists.sourceforge.net
Sent: Wednesday, December 28, 2005 8:58:02 PM
Subject: [Snort-users] Bonding or bridging two subnets

I do my first steps with snort. I want to run snort on a router+firewall
(SuSE Linux 10) to observe the traffic of my internal network and my DMZ.
Internet is not considered beeing observed.

I have three nics: (==a) (==b)
internet.ip.nnn.nnn (not to be considered)

So snort shall observe the traffic on a) and b).

Shall I bond the two nics together to a virtual interface? Or shall I
simply bridging here?

Thanks for help,

This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list