This is a discussion on RE: [Snort-users] Snorting on 2 interfaces within the Snort forums, part of the System Security and Security Related category.
It has been discussed on this list many many times.

http://www.google.com/search?sourcei...=UTF-8&q=run+snort+two+interfaces
http://www.google.com/search?hl=en...Drun+snort+multiple+interfaces

Patrick S. Harper | CISSP RHCT MCSE
Information Security Engineer
patrick.harper@phns.com

> _____________________________________________
> From: snort-users-admin@lists.sourceforge.net
> [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Conan the Librarian
> Sent: Saturday, April 17, 2004 1:26 PM
> To: snort-users@lists.sourceforge.net
> Subject: [Snort-users] Snorting on 2 interfaces
>
> Hello all,
>
> Need a little help here configuring snort to sniff on two interfaces simultaneously in a low traffic environment.
>
> Tried editing /etc/init.d/snort config file with IFACE=eth0,eth1 then IFACE=[eth0,eth1] then two separate lines of IFACE=eth0 and IFACE=eth1 all with no joy. Read Beale, Foster and Posluns' book cover to cover. Checked man pages. Searched archives. All have HINTS that it can be done but no one specifies the syntax of the initiation or conf file.
>
> Anyone done this before?
>
> MJ
>
> << File: ATT32167.txt >>