Thu Nov 23 16:36:19 EST 2017

which Machine A is attached. Why would you expect it to hear anything?

> Consider, if we added Machine C connected via ethernet to 
> Machine B eth1.


> If we nmap'd from Machine A to Machine C, would snort on 
> machine B eth1 see the outbound traffic?

Of course. The packets would be "physically" going out of eth1 (or,
of relevance to Snort, they would be going through the BPF device
listening on eth1).

> >
> > This has nothing to do with a 100Mb/s or 10Mb/s. This behavior should
> > probably be clear from your routing table.
> Yup, the ethernet is not the issue. My routing tables don't have entries 
> for the host's addresses as they aren't routed. They do have entries for 
> local networks, and these are associated with interfaces so if anything my 
> routing tables indicate the packet would be routed to the interface (if it 
> wasn't processed as a local delivery first).
> Cheers,
> Marty

cjclark at ...485...

