Hi Duncan,
On Fri, Apr 28, 2006 at 10:45:24AM -0500, Duncan Shannon wrote:
> Can I run pmacct on my (Fedora) system that is seeing all in/out traffic
> (for snort) that is on a passive Ethernet tap?
Just to fully agree with Sven's reply and to add that both Snort and pmacctd
are libpcap-based: t
Duncan Shannon schrieb:
> Is it as easy as downloading and setting it up? I guess the conflicts im
> wondering about would be does pmacct care that there is no IP on the
> interface and that its in promiscuous mode?
The complexity of setting it up depends on the complexity of your needs. But
wha
Hi-
I am trying to get a handle on traffic on a network, which has some
old-osh equipment and we cant really cant get what we need/want from our
firewall, router etc.
I box that was setup to run Snort, with a passive Ethernet tap between
our router and firewall.
Eth0 is LAN
Eth1 is Inbound traff
