From: Graeme Fowler (graeme.fowlerhosteurope.com)
Date: Thu Jun 07 2001 - 09:51:23 CDT


    Hi folks

    > should be relatively straightforward to modify snort to
    > listen to at least 2 interfaces. this would have other
    > applications besides just support for ethertaps

    Alternatively just aggregate all the sniffing interfaces you have attached
    to a box using tcpdump. By default it will (in more recent releases, I
    realise some old ones don't do this) bind to all available interfaces. You
    can then pump the output from tcpdump to standard out, and then read it into
    snort on standard in as follows:

    tcpdump <options> -w - <expression> | snort <options> -r - <expression>

    Handy if, like me, you might want to watch multiple datastreams on multiple
    interfaces. Perverse? Maybe ;-)

    Graeme

    -- 
    Graeme Fowler
    Systems Administrator
    Host Europe Group plc
    

    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    http://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users