[Snort-users] Place to install Snort

Minh Trung mvtrung27 at ...11827...
Wed Jan 28 04:30:56 EST 2015

Hello expert,

I miss my network design.

Here is the full design:

[image: Inline images 1]

Where can I place Snort to detect, alert and block, if it can? Is it
possible to run Snort on VMware?

Any suggestions, please let me know.


On 24 January 2015 at 02:27, waldo kitty <wkitty42 at ...14940...> wrote:

> On 1/22/2015 11:43 PM, Minh Trung wrote:
> [...]
> >
> > Is it possible to place Snort on VMware? Which spec do I need to
> > configure for this machine? I want to capture everything from the router.
> > How do I configure Snort to listen to everything on the router, and what
> > should the router configuration look like?
> > Any suggestions, please let me know.
>
> you probably really want to put your sensor as close to the router if you want
> it to sniff all the traffic the router sees... perhaps an inline configuration
> where the traffic passes from the router through the sensor... if not set there
> in inline mode, then hung off of there to sniff the traffic as it passes by...
> but you can probably also use a dedicated nic in the vm machine for snort to use
> and have that wired to a span or mirror port from the router...
> there are numerous ways but which you choose depends on what you want snort to
> do for your environment... do you want it to just detect and alert? do you want
> it to detect, alert and block? there're more decisions but i'm not sure of any
> design examples or drawings with the various layouts possible... this is
> something you really need to study and consider the options for...
> --
>   NOTE: No off-list assistance is given without prior approval.
>         Please *keep mailing list traffic on the list* unless
>         private contact is specifically requested and granted.