Hi- I am trying to get a handle on traffic on a network, which has some old-osh equipment and we cant really cant get what we need/want from our firewall, router etc.
I box that was setup to run Snort, with a passive Ethernet tap between our router and firewall. Eth0 is LAN Eth1 is Inbound traffic (in promiscuous mode) thru tap Eth2 is outbound traffic (in promiscuous mode ) thru tap in promiscuous mode Pmacct looks like a great tool and I'd love to give it a try. I did search a bit on the archives, but didn't find much. Im very sorry if this has been covered recently. Can I run pmacct on my (Fedora) system that is seeing all in/out traffic (for snort) that is on a passive Ethernet tap? Is it as easy as downloading and setting it up? I guess the conflicts im wondering about would be does pmacct care that there is no IP on the interface and that its in promiscuous mode? Thanks very much in advance; I appreciate it. duncan Duncan Shannon Techfluent, Inc. (P) 612-338-1300 (F) 612-638-1310 [EMAIL PROTECTED] www.techfluent.com _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
