Snort mailing list archives
RE: Two Ethernet Interfaces?
From: Security Admin <SecurityAdmin () hyprotech com>
Date: Tue, 5 Nov 2002 07:47:28 -0700
Hi Mike, I run all my sensors with dual nics, but there would not be an issue with a single nic. I use dual nics for security reasons. All logging to my database and my access for management and maintenance is done through 1 nic, the second nic runs in promiscuous mode and does the logging. The promiscuous mode nic has no stack (no ip address), and attaches to the monitored net using a one ay cable. I am also monitoring 10mbit pipes with my sensors and have no performance issues. Snort runs in promiscuous mode when you start it, as far as I know that isn't an option. Cheers, Wayne http://www.inetsecurity.info -----Original Message----- From: Mike Koponick [mailto:mike () redhawk info] Sent: Monday, November 04, 2002 3:20 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Two Ethernet Interfaces? I was wondering if it was absolutely necessary to have TWO ethernet interfaces for the Snort sensor? Is this done for security or performance issues? I would think that if you had one interface it would work fine if there wasn't a lot of traffic. However, I would like to run in promisc mode, as I could "catch" more traffic that way, so I would assume if you wanted to run in promisc mode you would have to have two ethernet interfaces, true? Thanks in advance for you help. Mike ------------------------------------------------------- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Two Ethernet Interfaces? Peter Param (Nov 04)
- <Possible follow-ups>
- RE: Two Ethernet Interfaces? Scott, Joshua (Nov 04)
- RE: Two Ethernet Interfaces? Mike Koponick (Nov 04)
- Re: Two Ethernet Interfaces? Justin Jessup (Nov 04)
- RE: Two Ethernet Interfaces? Security Admin (Nov 05)
- RE: Two Ethernet Interfaces? Security Admin (Nov 06)