[Snort-users] port mirror with linux

surman . surmano.fumano at ...11827...
Sun Mar 14 15:02:54 EDT 2010

Hi !

I have a question.

I have a linux box with 4 ethernet devices. This machine acts as router/
proxy / antivirus. I only use 3 ethernet devices, so I have 1 free port.

I want to attach a snort box to this port.

How can I configure a "port span/mirror" on the linux box? The snort box
( needs to "see" all traffic passing through all router
ethernet devices.

I think I a set up a bridge won't work, cause nat doesnt work well with
brctl (I had lotta problems time ago).

I think iptables can't do the work,cause iptables dont support layer 2
redirects, doest it?

Thanks four your help!


INTERNET (dhcp) eth0 ----[ Router ] ---- eth2

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100314/718614c6/attachment.html>

More information about the Snort-users mailing list