[Snort-users] port mirror with linux
taosecurity at ...11827...
Sun Mar 14 17:35:46 EDT 2010
On Sun, Mar 14, 2010 at 3:02 PM, surman . <surmano.fumano at ...11827...> wrote:
> Hi !
> I have a question.
> I have a linux box with 4 ethernet devices. This machine acts as router/
> proxy / antivirus. I only use 3 ethernet devices, so I have 1 free port.
> I want to attach a snort box to this port.
> How can I configure a "port span/mirror" on the linux box? The snort box
> (192.168.3.100) needs to "see" all traffic passing through all router
> ethernet devices.
Seeing all interfaces at the same time isn't the greatest idea.
However, if you really want to do that, you could try running one or
more instances of Daemonlogger against the interface of interest and
redirect the traffic to another interface where your Snort system is
connected and listening.
More information about the Snort-users