[Snort-users] Listening openVPN

Matt Olney molney at ...1935...
Sun Dec 6 12:23:44 EST 2009


When testing new listening setups, I use tcpdump to check what traffic  
I'm seeing.  It uses the same underlying library that snort uses, and  
provides an immediate view of the traffic.


On Dec 6, 2009, at 11:41 AM, Andre Rodier <andre.rodier at ...14721...> wrote:

> Hello everybody,
>
>
> After googling around, I can't find any answer to my question.
>
>
> Is it possible to configure snort to listen on the virtual network
> adapter of OpenVPN (tap0) ?
>
>
> I have tried to configure snort to do this, but apparently this fails:
>
>
> var HOME_NET [10.10.1.0/24,192.168.0.0/24]
>
>
> 10.10.1/24 is the vpn network address, while 192.168.0.x is the
> physical network.
>
>
> I use nmap to start a portscan, and the result is accurate on both
> interfaces. However, the only logs from Snort I have are coming from
> the physical network interface 192.168.0.0/24.
>
>
> Do I have to do something special to authorise snort to listen on this
> virtual interface?
>
> Thanks.
>
>



