[Snort-users] Capture Email Content / Website Activity

stuff at ...13646... stuff at ...13646...
Sun Nov 27 15:00:00 EST 2005


Thank you for your response. Can you verify that I understand this correctly?

I will refer to the snort box as snortbox. snortbox will contain the 
following:

-iptables
-squid
-snort
-two network cards

The network will be set out as follows:

Internet --> Modem --> snortbox --> router --> local network

I would then sniff all traffic outside the router, allowing me to obtain all 
traffic that I need to.

Is this correct?

P.S. Why do I need to run squid?

Thanks

On November 27, 2005 03:29 pm, G Ramon Gomez wrote:
> Yes.  Use iptables to create a bridge and sniff on the virtual bridge
> interface.
> Given what you're trying to accomplish, you might redirect outgoing port
> 80 requests to a Squid instance running on the bridge, and thereby put a
> proxy in place that will keep track of web activity for you.
>
> - Ramon
>
> stuff at ...13646... wrote:
> >Is there then a way to create a snort box that sits between the router and
> > the modem?
>

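Added example, not part of the original thread: with Squid in the path as Ramon describes, its access.log becomes the record of web activity. The Python script below assumes Squid's default native log format and runs over constructed sample lines; the function names are hypothetical. It totals requests and bytes per client and destination host, and counts malformed lines instead of failing on them.

```python
"""Summarize per-client web activity from a Squid access.log (native format)."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1133121600.123    245 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1133121605.500     12 192.168.1.10 TCP_HIT/200 2048 GET http://www.example.com/logo.png - NONE/- image/png
1133121610.010    310 192.168.1.22 TCP_MISS/200 900 POST http://mail.example.org/send - DIRECT/192.0.2.25 text/html
1133121611.000      0 192.168.1.22 TCP_DENIED/403 1500 CONNECT secure.example.net:443 - NONE/- text/html
this line is truncated garbage
"""

def parse_line(line):
    """Return a dict for one access.log line, or None if it is malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    try:
        when, size = float(f[0]), int(f[4])
        # CONNECT (seen only from explicitly configured clients) logs host:port.
        host = f[6].rsplit(":", 1)[0] if f[5] == "CONNECT" else urlsplit(f[6]).hostname
    except ValueError:
        return None
    result, _, status = f[3].partition("/")
    return {"time": when, "client": f[2], "result": result, "status": status,
            "bytes": size, "method": f[5], "host": host or f[6]}

def summarize(log_text):
    """Return ({client: {host: [requests, bytes]}}, malformed_line_count)."""
    activity = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    skipped = 0
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        entry = activity[rec["client"]][rec["host"]]
        entry[0] += 1
        entry[1] += rec["bytes"]
    return activity, skipped

if __name__ == "__main__":
    activity, skipped = summarize(SAMPLE_LOG)
    for client, hosts in sorted(activity.items()):
        for host, (count, size) in sorted(hosts.items()):
            print(f"{client} {host} requests={count} bytes={size}")
    print(f"skipped malformed lines: {skipped}")
```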