RE: [Snort-users] starting snort
This is a discussion on RE: [Snort-users] starting snort within the Snort forums, part of the System Security and Security Related category; Okey, sorry I didn't wrote enough info ( I also have read the docs): This sensor will be in the ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-17-2004
|
|||
|
|||
RE: [Snort-users] starting snort
Okey, sorry I didn't wrote enough info ( I also have read the docs):
This sensor will be in the dmz subnet when the port from the dmz switch that goes to the firewall will be mirrored to the port that the sensor nic ( in promisc mode ) will be in. The second nic will be in the internal lan switch so I can manage it and send alerts to the management server. Is it enough info ? Thanks -----Original Message----- From: Edin Dizdarevic [mailto:edin.dizdarevic@interActive-Systems.de] Sent: Tuesday, August 17, 2004 11:38 AM To: Juan Fernandez; snort-users@lists.sourceforge.net Subject: Re: [Snort-users] starting snort Hi, unfortunatelly you wrote nothing about your network setup. If all the traffic you want to observe is going over your sensor, no need to run the nics in the promisc mode. Otherwise you even have to, but please read the docs and older posts about running Snort on a switch or a hub. There is a small caveat outhere. Regards, Edin Juan Fernandez wrote: > > > Hi > > > > I have a question starting snort, > > > > I have 2 nics they are eth1 and eth2 I want that etc1 will be in > promisc mode. > > > > Now I read that to start snort I need to insert the following > command: > > > > Usr/local/snort/bin/snort -c /usr/local/snort/conf/snort.conf -l -I > eth1 -u snort_user -g snort_group > > > > Do I really need to insert the eth1 or eth2 ? I mean do I need to put > the promisc mode there or the other nic ? > > > > Thanks > > -- Edin Dizdarevic ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
