* Rens Houben <[EMAIL PROTECTED]> [2001.12.03 13:02:50+0100]:
> Anyways, I've been following this thread and wondering: Is there any
> reason why snort would or would not work with a bridge?

snort is a tool that primarily assesses ip, tcp, and application level protocols. if you run it on a bridge, it will have a hard time seeing any data because the bridge will "relay" before ip is touched. snort should still be able to get the data because while the bridging code may or may not rewrite the frame and send it out on another interface, it does not prevent the encapsulated data from being branched off for snort's use. but i am not sure actually.

if you do use snort on another machine you should consider that the traffic on either side of the bridge is not always the same...

--
martin; (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

as i was going up the stair
i met a man who wasn't there.
he wasn't there again today.
i wish, i wish he'd stay away.
  -- hughes mearns