[Snort-users] snort newbie help

Jose Maria Lopez Hernandez jkerouac at ...12346...
Mon Feb 28 14:25:44 EST 2005


El lun, 28-02-2005 a las 16:45 -0500, Guillermo Padilla escribió:
> Regarding the bonding.. yes the bonding suggestion worked.  But will this work fine.. if I connect each sensor to lets say a different hub on my network?  I need to sniff out different types of traffic, will snort be able to give me all this info when snort is just running one instance with the bonding suggestion?
> 
> Thx
> -guillermo

I think you have to check it by yourself. It depends enormously on
what you really want to do. The channel bonding method aggregates all
the traffic, so you have all the traffic from the hubs merged. If you
need to know what traffic it's originated on each network you will need
to use one instance of snort with it's own configuration for each
interface or hub you are using.

Regards.

-- 

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac at ...12346...
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"






More information about the Snort-users mailing list