[Snort-users] port mirror with linux

phillip bailey pbailey at ...14793...
Mon Mar 15 17:23:22 EDT 2010


Hi,

Are there any performance issues regarding Daemonlogger in a crowded network?

Best regards,
phillip


On Sun, Mar 14, 2010 at 10:35 PM, Richard Bejtlich
<taosecurity at ...11827...> wrote:
> On Sun, Mar 14, 2010 at 3:02 PM, surman . <surmano.fumano at ...11827...> wrote:
>> Hi!
>>
>> I have a question.
>>
>> I have a linux box with 4 ethernet devices. This machine acts as router/
>> proxy / antivirus. I only use 3 ethernet devices, so I have 1 free port.
>>
>> I want to attach a snort box to this port.
>>
>> How can I configure a "port span/mirror" on the linux box? The snort box
>> (192.168.3.100) needs to "see" all traffic passing through all router
>> ethernet devices.
>>
>
> Hello,
>
> Seeing all interfaces at the same time isn't the greatest idea.
> However, if you really want to do that, you could try running one or
> more instances of Daemonlogger against the interface of interest and
> redirect the traffic to another interface where your Snort system is
> connected and listening.
>
> Sincerely,
>
> Richard
>



