[Snort-users] Mirroring port
wkitty42 at ...14940...
Thu Jul 18 11:28:33 EDT 2013
On 7/18/2013 09:42, Abid Ayoub wrote:
> I want to manage my small network. I have connected snort to the mirror port of
> the switch.
> For the sniff, ok. But when I want to block traffic like tcp traffic, I
> cannot.
> Is there a solution for that?
yes... what you want is IPS (or inline mode) and not just a (hidden) IDS
sniffer... that means at least two ports on the snort box with traffic entering
on one port, traversing thru snort and then out the other port...
uncle google found the following with a search for "snort IPS inline how"
> Can I sniff from an interface (eth0) and apply instructions from another
> interface (eth1)?
there is that possibility as well... the other interface is known as an admin
interface, IIRC... in IPS inline mode, you would have three ports in your snort
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.