|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Snort-users] how to configure snort with vlan
From: Russ Starr (russ.starr
gmail.com)
Date: Tue Sep 20 2005 - 12:24:52 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
My VLAN experience is limited on GNU/Linux, but give this a try. Use
this to test and make sure you are getting the packets you want.
(This assumes your interface is eth0 and you want to only see vlan 2)
snort -dev -i eth0 vlan 2
The "vlan 2" is a libpcap filter that should allow you to only see the
802.1q tagged messages for VLAN 2.
Try running your three instances of snort using the three VLANs you
are trunking on that port. Let me know if you have any luck. I am
curious.
-Russ
On 9/13/05, fiorenzi <fiorenzitiscali.it> wrote:
> Hi, my noc have mirrored 3 vlan on the same mirror port of the switch,
> and so I have all the traffic mirrored on the same port.
>
> I would like to run different istance of snort for each vlan coming from
> the same ethernet card, what I need and how can I do? In particular how
> do I say snort to listen on ethX on vlan id Y?
>
>
> Thanks very much
>
> Alessandro Fiorenzi
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by:
> Tame your development challenges with Apache's Geronimo App Server. Download
> it for free - -and be entered to win a 42" plasma tv or your very own
> Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]