Security Onion on SPAN Port
501 views
Skip to first unread message
Saeed khan
Jun 9, 2012, 8:23:47 AM6/9/12
to security-onion
Hi,
We have different DMZ's and currently i have attached the IDS box
(only one NIC) on our DMZ Switch and enabled the SPAN and i can easily
see other ports traffic but as you know on enabling SPAN i can't
access the snorby interface, remotely etc.
I am just thinking to adding one more interface and snorby interface
access by eth0 and SPAN another NIC.
Is it possible? and if Yes then should i add one more IP address on
the 2nd NIC or what will be the eth1 configuration?
Here is the details of the existing NIC.
==============================================================================
auto lo
iface lo inet loopback
# OR if using STATIC IP instead of DHCP
auto eth0
iface eth0 inet static
address 172.20.4.253
gateway 172.20.4.1
netmask 255.255.255.0
network 172.20.4.0
broadcast 172.20.4.255
==============================================================================
I hope you understand, what exactly i meant.
Waiting for prompt reply.
Regards,
Saeed
We have different DMZ's and currently i have attached the IDS box
(only one NIC) on our DMZ Switch and enabled the SPAN and i can easily
see other ports traffic but as you know on enabling SPAN i can't
access the snorby interface, remotely etc.
I am just thinking to adding one more interface and snorby interface
access by eth0 and SPAN another NIC.
Is it possible? and if Yes then should i add one more IP address on
the 2nd NIC or what will be the eth1 configuration?
Here is the details of the existing NIC.
==============================================================================
auto lo
iface lo inet loopback
# OR if using STATIC IP instead of DHCP
auto eth0
iface eth0 inet static
address 172.20.4.253
gateway 172.20.4.1
netmask 255.255.255.0
network 172.20.4.0
broadcast 172.20.4.255
==============================================================================
I hope you understand, what exactly i meant.
Waiting for prompt reply.
Regards,
Saeed
Scott Runnels
Jun 9, 2012, 10:23:56 AM6/9/12
to securit...@googlegroups.com
Hi Saeed,
If I understand correctly you just want to add another NIC to your Security Onion box. That should be fine, I think. See Doug's documentation on network settings here: http://code.google.com/p/security-onion/wiki/NetworkConfiguration
Vr
Scott
If I understand correctly you just want to add another NIC to your Security Onion box. That should be fine, I think. See Doug's documentation on network settings here: http://code.google.com/p/security-onion/wiki/NetworkConfiguration
Vr
Scott
Saeed khan
Jun 11, 2012, 3:01:20 AM6/11/12
to security-onion
Ohh thanks - last time i read it but why not i consider this scenario
at this time.
Sorry to disturb you.
Saeed
On Jun 9, 7:23 pm, Scott Runnels <srunn...@gmail.com> wrote:
> Hi Saeed,
>
> If I understand correctly you just want to add another NIC to your Security Onion box. That should be fine, I think. See Doug's documentation on network settings here:http://code.google.com/p/security-onion/wiki/NetworkConfiguration
>
> Vr
> Scott
>
at this time.
Sorry to disturb you.
Saeed
On Jun 9, 7:23 pm, Scott Runnels <srunn...@gmail.com> wrote:
> Hi Saeed,
>
> If I understand correctly you just want to add another NIC to your Security Onion box. That should be fine, I think. See Doug's documentation on network settings here:http://code.google.com/p/security-onion/wiki/NetworkConfiguration
>
> Vr
> Scott
>
Reply all
Reply to author
Forward
0 new messages