[Snort-users] snort newbie help

Guillermo Padilla gpadilla at ...13098...
Mon Feb 28 13:46:54 EST 2005

Regarding the bonding.. yes the bonding suggestion worked.  But will this work fine.. if I connect each sensor to lets say a different hub on my network?  I need to sniff out different types of traffic, will snort be able to give me all this info when snort is just running one instance with the bonding suggestion?


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at ...3204...ts.sourceforge.net] On Behalf Of Jose Maria Lopez Hernandez
Sent: Monday, February 28, 2005 1:00 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort newbie help

El lun, 28-02-2005 a las 11:30 -0500, Guillermo Padilla escribió:
> Hi,
> I just recently installed snort on RH9.0 with apache-myslq-php-acid
> etc.. The front end of the snort seems to be working fine. 
> The server that snort is installed on has 5 interfaces but 4 will be
> used as taps.  I'm having problems figuring out how to get snort to only
> listen on just those 4 interfaces.  If I set up my startup script to
> iface=any it only starts looping localhost alerts.  If I add iface=eth1
> it looks like its seeing traffic on that interface.  Right now I've only
> plugged all interfaces onto a hub where my windows machine is also plug
> to the the uplink port is connected to a switch which in turns goes out
> to the cloud.

You can do channel bonding of the interfaces you want the snort
daemon to listen to and then use the bonded interface in the
snort script.

> I want to see if I can see the traffic which is happening on my windows
> machine.
> All the interfaces do not have ip address except eth0.  
> Can anyone point me into the right derection?
> Regards,
> -Guillermo



Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac at ...12346...
bgSEC Seguridad y Consultoria de Sistemas Informaticos

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"

SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list