[Snort-users] Place to install Snort
wkitty42 at ...14940...
Fri Jan 23 14:27:18 EST 2015
On 1/22/2015 11:43 PM, Minh Trung wrote:
> Is this possible to place Snort on vmware ? which spec i need to
> configuration for this machine? I want to capture all from Router, how to
> configuration Snort to listen everything on Router, how configuration
> router look like?
> Any suggestion please let me know
you probably really want to put your sensor as close to the router if you want
it to sniff all the traffic the router sees... perhaps an inline configuration
where the traffic passes from the router through the sensor... if not set there
in inline mode, then hung off of there so sniff the traffic as it passes by...
but you can probably also use a dedicated nic in the vm machine for snort to use
and have that wired to a span or mirror port from the router...
there are numerous ways but which you choose depends on what you want snort to
do for your environment... do you want it to just detect and alert? do you want
it to detect, alert and block? there're more decisions but i'm not sure of any
design examples or drawings with the various layouts possible... this is
something you really need to study and consider the options for...
NOTE: No off-list assistance is given without prior approval.
Please *keep mailing list traffic on the list* unless
private contact is specifically requested and granted.
More information about the Snort-users