On Mon, 2004-07-19 at 15:42, Aleksandar Milivojevic wrote:
Question. Inside firewall as in "on separate machine inside firewall", or as in "on the same machine as firewall"?
-snip-
In the latter case, what you are seeing is what you were supposed to see (if I'm correct on how Snort works, by sniffing network traffic directly from the network interface).
Same machine. I think that Snort only sees what gets through the firewall.
Actually, if Snort is sniffing traffic directly on the network interface (like tcpdump or ethereal), then it will see the packets as they arrive on the wire (before Netfilter can filter them out).
--
Aleksandar Milivojevic <amilivojevic@xxxxxx>
Systems Administrator
Pollard Banknote Limited
1499 Buffalo Place
Winnipeg, MB R3T 1L7
Tel: (204) 474-2323 ext 276