mailing list archives
Re: Monitoring Multiple Subnets
From: Shaun Marlin <shaun.marlin () canalta com>
Date: Mon, 13 May 2013 15:23:55 +0000
That does make sense. The thing that I am most concerned about is because there is an unmanaged switch, could it fail?
I would love to have a SPAN setup, but that isn't in the budget.
From: Seth Dunn [mailto:seth () d2ms com]
Sent: Monday, May 13, 2013 9:17 AM
To: Shaun Marlin; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Monitoring Multiple Subnets
For what I did....I don't have quite the same setup as you, but I needed to monitor multiple LANs.
10.75.x.x/24 and 10.76.x.x/24
I am using a Cisco switch for my networks.
I set up SPAN on my switch, RSPAN is also available, to copy traffic from two ports in which inbound/outbound traffic
flows for these LANs.....and set up the destination port for the port that my Snort box is listening on.
Then as someone noted, in your snort.conf file you need to make sure these two networks are part of your $HOME variable.
From: Shaun Marlin [mailto:shaun.marlin () canalta com]
Sent: Monday, May 13, 2013 11:04 AM
To: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: [Snort-users] Monitoring Multiple Subnets
I am building a SNORT box to monitor my network. I have 2 ISP's. Is it possible to have the 2 ISP's connect into an
unmanaged switch, then have SNORT configured with an IP from each block that I have, and finally pass the traffic back
onto the switch that goes into my network?
Sorry for the run on question there
Essentially I am looking for something like this
SNORT would endup monitoring 3 different subnets. For instance 18.104.22.168/27 22.214.171.124/27 and 126.96.36.199/29.
Does anyone see a reason why this would not work
Canalta Family of Companies
2109 - 545 Highway 10 East
Drumheller AB Canada T0J 0Y0
PHONE: (403) 820-3865
CELL: (403) 334-1313
EMAIL: shaun.marlin () canalta com<mailto:shaun.marlin () canalta com>
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
Please visit http://blog.snort.org to stay current on all the latest Snort news!