Can you use tcpdump? I don't know if it's possible to use its output in Snort or not, but tcpdump reports EVERYTHING (within the parameters you specify)....
Shawn

-----Original Message-----
From: Johnny Stork [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 07, 2003 10:04 AM
To: [EMAIL PROTECTED]
Subject: (clug-talk) Snort and IPtables

Does anyone know if there is a way to have snort monitor an external NIC so that it responds BEFORE the iptables firewall rules? So far, when running on the same box I can only get it to respond to scans on ports that are open and make it through the firewall.

Open Enterprise Solutions
Linux & Open Source Solutions for Business
Johnny Stork, BA
Calgary, AB Canada
www.openenterprise.ca
