72


Chapter 2     Installing Snort and Getting Started


Figure 2 3 Running Snort in stealth mode on a system with two network adapters.


in stealth mode. This arrangement is shown in Figure 2 3 where network inter 


face eth1 is connected to a private isolated network and eth0 is connected to


a public network.


When you want to access the sensor itself, you go through network interface


eth1 which has an IP address configured to it. The management workstation shown in


the figure may be used to connect to the sensor either to collect data or to log informa 


tion to a centralized database. If many sensors are present in an organization, all of


these are connected to this isolated network so that they can log information to the cen 


tral database running on the management workstation or to some other database server


connected to this isolated network.


No IP address is configured on network interface eth0 which has connectivity to


the Internet. Interface eth0 remains in stealth mode but can still listen to the network


traffic from this side of the network.


Before starting Snort on eth0, you have to bring it up. On Linux systems, you


can do it by using the following command:


ifconfig eth0 up


The command makes the interface usable without allocating an IP address. After


that, you can start Snort on this interface by using   i eth0  command line option as


follows:


snort  c /opt/snort/etc/snort.conf  i eth0  D








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      toronto web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Java Hosting
Cheapest Hosting



Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved