[Snort-users] Question about Inline mode

Michael Altizer maltizer at ...1935...
Sun Dec 4 23:14:56 EST 2011


On 12/04/2011 09:36 PM, Albert E. Whale wrote:
> When using either NFQ or the DAQ modules, are the interfaces bonded 
> together?  I completely understand that the Management interface is 
> assigned an IP Address, a gateway and a network (subnet mask).
>
> What happens to the two interfaces used in inline mode?  If I place 
> the sensor inline, are the interfaces numbered?  DO I need to fully 
> provide networking (routing) between the interfaces?
With the AFPacket DAQ module, the interfaces just need to be configured 
as "up" (ifconfig ethX up).  The module opens the interfaces in 
promiscuous mode and will forward all packets received on each interface 
that are not blocked by the reader out the other.  No further setup is 
required.

If I recall correctly, the PFRing module works in much the same fashion.




More information about the Snort-users mailing list