You've pretty much got two options on this. You can have a stealth interface (which just means you've got no IP address assigned to it, so it listens on the network but there's no address to hit it on), or you can go all out and attach it to your hub/switch with a listen-only cable (one with the transmit wires removed).
On Sat, 25 May 2002, Richard R. Kaufman wrote: > I would like to start using snort IDS. I have a linux box all built and > hardened (per much of the this list's guidance!) but now would like to > know how to *truly* secure my second network card that will have snort > listening on. What are a few things I should bear in mind when "locking > down" this card? What makes the card "stealth?"
