Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Bonding or bridging two subnets

from [barryab63-ia] Network Security [Permanent Link]
Subject: Re: [Snort-users] Bonding or bridging two subnets
Date: Wed, 28 Dec 2005 04:06:00 -0800 (PST) 
Robert,
 
First, lets try to head something off before it gets started.  It's not a good 
idea to post the same question twice, especially within minutes of each other.  
This is a free support and it can take time to get answers.  Some people get 
very irritated about this.
 
I don't think you'll want to bond or bridge the two interfaces in the case you 
describe.  I think you'll want to run multiple instances of snort, one for each 
of the two interfaces you want to monitor.  If you installed via RPM on SUSE I 
think you can do this by changing the settings in the /etc/sysconfig/snort 
file.  You just tell it which interfaces you want snort to monitor and it 
pretty much takes care of everything for you.
 
Barry



----- Original Message ----
From: R. Welz <welz@fixe-post.de>
To: snort-users@lists.sourceforge.net
Sent: Wednesday, December 28, 2005 8:58:02 PM
Subject: [Snort-users] Bonding or bridging two subnets


Hello.
I do my first steps with snort. I want to run snort on a router+firewall
(SuSE Linux 10) to observe the traffic of my internal network and my DMZ.
Internet is not considered beeing observed.

I have three nics: 192.168.11.1 (==a)
192.168.12.1 (==b)
internet.ip.nnn.nnn (not to be considered)

So snort shall observe the traffic on a) and b).

Shall I bond the two nics together to a virtual interface? Or shall I
simply bridging here?

Thanks for help,
Robert



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-users] Bonding or bridging two subnets, R. Welz
Next by Date:  Re: [Snort-users] Bonding or bridging two subnets, barryab63-ia
Previous by Thread:  [Snort-users] Bonding or bridging two subnets, R. Welz
Next by Thread:  Re: [Snort-users] Bonding or bridging two subnets, barryab63-ia
Indexes:  [Date] [Thread] [Top] [All Lists]