Re: [SLUG] Snort!

From: Brian Coyle (brian@linuxwidows.com)
Date: Sun Jul 28 2002 - 15:15:14 EDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 28 July 2002 14:05, Russell Hires wrote:

> guess that snort is sniffing for packets that come across the ppp0
> interface. Right?

snort will sniff where ever you tell it. There's a '-i' cmdline switch
to specify an interface. I usually watch the outside (ppp0) interface
just to see everything that knocks on the door. You could set it to
the inside ethX if you want to see only the stuff getting past the
firewall.

Once you get snort running to your liking, be sure to checkout
SnortSnarf to build purdy web reports!

http://www.silicondefense.com/software/snortsnarf/

 
- --
"We choose to go to the moon, and do the other things...
 Not because they are easy, but because they are hard." -JFK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9RELCER3MuHUncBsRAkrbAJ9Ln1g5SGH/e3wQtgH9hy0hKCkqRgCfSFGS
6mO9r1fAyvPPD6XbbSPhWmc=
=dFZf
-----END PGP SIGNATURE-----



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 14:46:57 EDT