[Snort-users] Snort Deployment

Joe Pampel jpampel at ...14829...
Mon May 3 06:50:58 EDT 2010


If your budget allows, the most flexible solution is a tap. Otherwise,
if you have a switch outside the firewall, see if it supports span
ports. You would span the port which represents the traffic you are
trying to watch.
You need a snort sensor with 2 interfaces (min): one is ip'd and for
management, the other is unnumbered and will connect to the span port.

There are other ways, but those are two to get you started.

Joe



On May 3, 2010, at 4:38 AM, "Kum Weng Luey" <kumwengluey at ...11827...>
wrote:

> Hi guys,
>
> I have been trying out snort for quite some time now and it works
> great. I do want to try implementing snort in a live environment but
> am kinda clueless how. I want to sniff for traffic before it hits
> the firewall and enters the internal network. What would be the most
> optimal setup for the PC and how many interfaces do I need?
>
> Hope to get some advice. Thanks a lot.
>
> Regards,
> KW

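The two-interface sensor layout from the reply above, as an added example that is not part of the original thread. It assumes a Linux sensor with iproute2, eth0 as the IP'd management interface, eth1 as the interface cabled to the span port or tap, and /etc/snort/snort.conf as the Snort config path; all of these names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: eth0 = management
# interface (keeps its IP, untouched), eth1 = sniffing interface on the
# span port or tap.

# Print the commands that turn IFACE into an unnumbered, receive-only port.
# IPv6 is disabled because bringing a link up would otherwise auto-assign
# a link-local address, and the interface would no longer be unnumbered.
sniff_plan() {
    iface=$1
    cat <<EOF
ip addr flush dev $iface
sysctl -w net.ipv6.conf.$iface.disable_ipv6=1
ip link set dev $iface arp off
ip link set dev $iface promisc on
ip link set dev $iface up
EOF
}

# Read `ip -o addr show` output on stdin and succeed only when IFACE has
# no IPv4 or IPv6 address. Interfaces with no address do not appear in
# that output at all.
is_unnumbered() {
    iface=$1
    ! awk -v i="$iface" '
        $2 == i && ($3 == "inet" || $3 == "inet6") { found = 1 }
        END { exit !found }'
}

# Constructed sample of `ip -o addr show` output on a prepared sensor.
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0'

for nic in eth0 eth1; do
    if printf '%s\n' "$SAMPLE" | is_unnumbered "$nic"; then
        echo "$nic: unnumbered, suitable for the span port"
    else
        echo "$nic: has an address, use for management only"
    fi
done

# On a real sensor, as root:
#   sniff_plan eth1 | sh -x
#   ip -o addr show | is_unnumbered eth1 &&
#       snort -i eth1 -c /etc/snort/snort.conf
```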

