Re: Newbie question -- Can Snort be installed in a routed mode instead of bridged mode?

[J Green <corpengineer () gmail com>]

Will check out daq nfq.  Appreciate the input.

Alternatively, does anyone know a good way to install in bridge mode, given
a more complicated network setup w/ Etherchannel (where there isn't just
one connection between switch & firewall)?


Thank you.

On Tue, Jul 26, 2016 at 3:48 AM, Y M <snort () outlook com> wrote:

> I think you can achieve a routed-like behavior using daq nfq. For example,
> check the following document on Snort's documentation website:
>
>
> https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/023/original/ids2ips.txt?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1469533533&Signature=VNqj9aWGbGin6%2Fb%2FriQ3rf6zn4s%3D
>
> YM
>
>
>
>
> On Tue, Jul 26, 2016 at 2:29 AM +0300, "J Green" <corpengineer () gmail com>
> wrote:
>
> Hello all:
>
> Have been reading up on how to install Snort, and I have come across two
> modes:  Bridged and SPAN.  Bridged mode would be preferable, but our
> network is configured with layer 2 VLAN'ing, and an Etherchannel connecting
> switches to the firewall.  So I do not see how I could physically connect
> Snort in Bridged mode, since there is not just one connection from switch
> to the firewall (where I could physically connect a Snort box inbetween).
> Was wondering if Snort supports a Routed mode, where the incoming interface
> is configured on one network subnet, and the outgoing interface is
> configured on a different network subnet?  If so, could you please direct
> me to supporting documentation re how to accomplish this?  My goal is to
> have Snort inspect traffic from one internal network destined to another
> internal network.
>
> Thank you.
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!