[Snort-users] Place to install Snort

Minh Trung mvtrung27 at ...11827...
Fri Jan 23 20:17:45 EST 2015


I think I want Snort to detect and alert; also, block is better, but I already
have a firewall.

You mean VMware needs to connect directly to the router via wire?

So what does the configuration on the router look like?

Any help is appreciated,

On 24 January 2015 at 02:27, waldo kitty <wkitty42 at ...14940...> wrote:

> On 1/22/2015 11:43 PM, Minh Trung wrote:
> [...]
> >
> > Is it possible to place Snort on VMware? Which specs do I need to
> > configure for this machine? I want to capture everything from the router; how do I
> > configure Snort to listen to everything on the router, and what does the router
> > configuration look like?
> > Any suggestions, please let me know.
>
> you probably really want to put your sensor as close to the router if you want
> it to sniff all the traffic the router sees... perhaps an inline configuration
> where the traffic passes from the router through the sensor... if not set there
> in inline mode, then hung off of there to sniff the traffic as it passes by...
> but you can probably also use a dedicated nic in the vm machine for snort to use
> and have that wired to a span or mirror port from the router...
>
> there are numerous ways but which you choose depends on what you want snort to
> do for your environment... do you want it to just detect and alert? do you want
> it to detect, alert and block? there're more decisions but i'm not sure of any
> design examples or drawings with the various layouts possible... this is
> something you really need to study and consider the options for...
>
> --
>   NOTE: No off-list assistance is given without prior approval.
>         Please *keep mailing list traffic on the list* unless
>         private contact is specifically requested and granted.