Hello-

The configuration of using the built-in NIC (which I didn't know was
Gigabit!) for InterMapper and the secondary NIC for SNORT worked.  At
first I was running SNORT and InterMapper on the same NIC, and that
worked as well!  Of course, I was getting a lot of false positives for
SNMP and ICMP traffic generated by InterMapper (!).

Thanks,
 Mark P.

- Mark C. Persiko, Network Engineer
- IT Division, Boulder Valley School District


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of William W. Fisher
Sent: Tuesday, October 26, 2004 9:55 AM
To: InterMapper Discussion
Subject: Re: [IM-Talk] Binding InterMapper to One NIC

On Oct 25, 2004, at 11:01 AM, Mark Persiko wrote:

> On a PowerMac G4 running OS X 10.3.5 (or any Mac, for that matter), is
> there any way to bind InterMapper's monitoring to one network interface
> (NIC)?  The purpose would be to use a 2nd NIC to run other network
> management applications (such as xnmap, SNORT, etc) or for management
> purposes.

Mark:

There is currently no way to tell InterMapper that you want it to bind 
its network interfaces to a specific interface on the machine. 
InterMapper is currently implemented to bind to "any address" which 
effectively delegates the choice of outgoing interface to the operating 
system.

On OS X, if a packet is destined for a directly connected IP subnet, 
the OS will send the packet out the interface connected to that subnet. 
If the packet is destined for any other subnet,  OS X consults its 
routing table. Normally, the routing table uses a default route which 
is associated with the first network interface, so the packet is sent 
out the first interface to the local router.

For a Mac with multiple interfaces, the following steps may provide a 
work-around:

  In the System Preferences app, click on Network and then "Show Network 
Port Configurations". The first interface in the list should be your 
primary network interface that you want InterMapper to use for 
monitoring. The second interface in the list should be the 2nd NIC. 
Manually assign a bogus IP address and subnet mask to the second NIC. 
There shouldn't be any packets destined for the bogus subnet so no 
traffic should emanate from the 2nd NIC. InterMapper's traffic  will 
continue to use the primary interface. Passive network monitoring apps 
should still be able to listen on the 2nd NIC, but any active traffic 
should go in/out the primary interface only.

I have not confirmed that this will work; please let me know if I've 
missed something.

Regards,

Bill Fisher
Dartware, LLC
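
The route selection described in the message above, modelled as an added example (not part of the original thread and not InterMapper's code). The addresses, the interface names `en0`/`en1` and the function names are assumptions; the model also shows the one case where the workaround leaks: a monitored target that falls inside the bogus subnet.

```python
import ipaddress

# Constructed sample addressing (assumptions, not values from the thread).
INTERFACES = {
    "en0": ipaddress.ip_interface("192.168.1.10/24"),  # primary NIC, used for monitoring
    "en1": ipaddress.ip_interface("10.255.255.1/30"),  # 2nd NIC with a "bogus" address
}
DEFAULT_ROUTE_IF = "en0"  # default route follows the first interface in the list


def build_routes(interfaces, default_if):
    """Return (network, interface) routes: connected subnets plus the default."""
    routes = [(iface.network, name) for name, iface in interfaces.items()]
    routes.append((ipaddress.ip_network("0.0.0.0/0"), default_if))
    return routes


def egress_interface(dst, routes):
    """Pick the outgoing interface by longest-prefix match, as an IP stack does."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, name) for net, name in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def leaks_to_second_nic(targets, routes, second_if="en1"):
    """List monitored targets whose probes would leave via the 2nd NIC."""
    return [t for t in targets if egress_interface(t, routes) == second_if]


if __name__ == "__main__":
    routes = build_routes(INTERFACES, DEFAULT_ROUTE_IF)
    # Constructed target list: local subnet, two remote hosts, one inside the bogus subnet.
    targets = ["192.168.1.20", "172.16.5.9", "203.0.113.7", "10.255.255.2"]
    for t in targets:
        print(f"{t:15} -> {egress_interface(t, routes)}")
    print("would use 2nd NIC:", leaks_to_second_nic(targets, routes))
```

Choosing a small bogus subnet that contains no monitored device keeps every probe on the primary interface.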


____________________________________________________________________
List archives: 
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]


